WordPress Plugin Vulnerabilities

WP Social Bookmarking Light <= 2.0.7 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request.

Affects Plugins

Plugin icon
wp-social-bookmarking-light
No known fix

References

CVE
CVE-2023-25029
URL
https://patchstack.com/database/vulnerability/wp-social-bookmarking-light/wordpress-wp-social-bookmarking-light-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
3eabef3a-53fb-4203-9968-963fcf7a8a99

Timeline

Publicly Published
2023-02-28 (about 3 years ago)
Added
2023-05-30 (about 2 years ago)
Last Updated
2023-05-30 (about 2 years ago)

Other

Published
Title
Published
2024-11-22
Title
ITERAS < 1.8.1 - Stored XSSS via CSRF
Published
2021-06-30
Title
Fontsampler < 0.14.3 - CSRF to Authenticated Reflected Cross-Site Scripting (XSS)
Published
2025-03-19
Title
WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF
Published
2025-06-05
Title
Interactive UK Regional Map <= 2.0 - Cross-Site Request Forgery
Published
2022-06-09
Title
Toolbar To Share <= 2.0 - Stored Cross-Site Scripting via CSRF