WordPress Plugin Vulnerabilities

Ads For WP <= 1.8 - Cross-Site Request Forgery (CSRF)

Description

CSRF allowing attacker to disconnect the linked Google Analytics from the plugin's settings

Affects Plugins

Plugin icon
ads-for-wp
Fixed in 1.9

References

URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2116839%40ads-for-wp&old=2112175%40ads-for-wp

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified
No
WPVDB ID
3f71789f-583f-4ccb-a270-9ddfbda8dc40

Timeline

Publicly Published
2019-06-26 (about 6 years ago)
Added
2019-06-26 (about 6 years ago)
Last Updated
2019-07-03 (about 6 years ago)

Other

Published
Title
Published
2014-12-15
Title
O2tweet <= 0.0.4 - Multiple CSRF
Published
2025-04-09
Title
Doppler Forms < 2.6.0 - Stored XSS via CSRF
Published
2024-11-01
Title
Simple Page Specific Sidebars <= 2.14.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-02-17
Title
magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-09-17
Title
Entrada <= 5.7.7 - Cross-Site Request Forgery