WordPress Plugin Vulnerabilities

WP Testimonials < 1.4.3 - Widget Deletion via CSRF

Description

The plugin does not have CSRF check when deletion widgets, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
testimonial-widgets
Fixed in 1.4.3

References

CVE
CVE-2023-2830

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
411af0a5-fec3-4e41-93fe-dbb1e83a4287

Timeline

Publicly Published
2023-07-14 (about 2 years ago)
Added
2023-10-12 (about 2 years ago)
Last Updated
2023-10-12 (about 2 years ago)

Other

Published
Title
Published
2023-11-07
Title
Patreon WordPress < 1.8.8 - Cross-Site Request Forgery
Published
2021-05-05
Title
Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF
Published
2019-06-12
Title
Contest Gallery <= 10.4.4 - Cross-Site Request Forgery (CSRF)
Published
2025-04-17
Title
illow – Cookies Consent <= 0.2.0 - Cross-Site Request Forgery
Published
2021-08-17
Title
Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF