WordPress Plugin Vulnerabilities

Social Media Icons Widget <= 1.6 - Cross-Site Request Forgery

Description

The plugin does not adequately protect against Cross-Site Request Forgery (CSRF) attacks.

Affects Plugins

Plugin icon
spoontalk-social-media-icons-widget
No known fix

References

CVE
CVE-2023-25036
URL
https://patchstack.com/database/vulnerability/spoontalk-social-media-icons-widget/wordpress-social-media-icons-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
3d11bdba-76fa-456f-b97f-93e3e916f43a

Timeline

Publicly Published
2023-07-10 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2024-07-04
Title
Rara Business < 1.2.6 - Cross-Site Request Forgery to Notice Dismissal
Published
2022-06-22
Title
DX Share Selection < 1.5 - Stored Cross-Site Scripting via CSRF
Published
2025-08-14
Title
Thim Core <= 2.3.3 - Cross-Site Request Forgery
Published
2024-02-20
Title
Database Reset < 3.23 - Cross-Site Request Forgery to WP Reset Plugin Installation
Published
2016-10-27
Title
GoDaddy Email Marketing <= 1.1.3 - Cross-Site Request Forgery (CSRF)