WordPress Plugin Vulnerabilities

Urvanov Syntax Highlighter < 2.8.34 - Highlighting Blocks Mgt via CSRF

Description

The plugin does not have CSRF checks when managing highlighting blocks, which could allow attackers to make logged in admins update, create, duplicate and delete them via CSRF attacks

Affects Plugins

Plugin icon
urvanov-syntax-highlighter
Fixed in 2.8.34

References

CVE
CVE-2023-45106

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
3e14d8c3-db58-43dc-bd87-20c5719d37da

Timeline

Publicly Published
2023-10-06 (about 2 years ago)
Added
2023-10-13 (about 2 years ago)
Last Updated
2023-10-30 (about 2 years ago)

Other

Published
Title
Published
2024-07-09
Title
Pardakht Delkhah < 2.9.9 - Form Fields Reset via CSRF
Published
2025-12-11
Title
Coding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings Update
Published
2023-11-01
Title
Funnelforms Free < 3.4.2 - Cross-Site Request Forgery to Arbitrary Post Duplication
Published
2025-09-22
Title
Flexible PDF Invoices for WooCommerce & WordPress < 6.0.14 - Cross-Site Request Forgery
Published
2025-10-03
Title
Trinity Audio < 5.21.0 - Cross-Site Request Forgery