WordPress Plugin Vulnerabilities

Auto Upload Images < 3.3.1 - CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
auto-upload-images
Fixed in 3.3.1

References

CVE
CVE-2022-42880

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Rasi Afeef
Verified
No
WPVDB ID
40d64a06-c4cd-44ab-b704-7b654785c824

Timeline

Publicly Published
2022-10-24 (about 3 years ago)
Added
2023-06-14 (about 2 years ago)
Last Updated
2023-06-14 (about 2 years ago)

Other

Published
Title
Published
2025-01-16
Title
Rename Author Slug <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-05-30
Title
CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF
Published
2021-04-16
Title
404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2025-04-01
Title
CLP – Custom Login Page by NiteoThemes <= 1.5.5 - Cross-Site Request Forgery
Published
2025-01-16
Title
WP VTiger Synchronization <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting