WordPress Plugin Vulnerabilities

Menubar < 5.9 - Cross-Site Request Forgery

Description

The plugin does not properly implement anti-CSRF measures, potentially making it possible for unwanted actions to be performed in the user's session.

Affects Plugins

Plugin icon
menubar
Fixed in 5.9

References

CVE
CVE-2023-36687
URL
https://patchstack.com/database/vulnerability/menubar/wordpress-menubar-plugin-5-8-1-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
484195f5-37ec-4695-b3ba-4b45bc53dc78

Timeline

Publicly Published
2023-07-04 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-13 (about 2 years ago)

Other

Published
Title
Published
2024-02-22
Title
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Cross-Site Request Forgery
Published
2014-08-01
Title
Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF
Published
2021-06-30
Title
Adapta RGPD < 1.3.3 - Unauthorised Consent via CSRF
Published
2023-02-02
Title
PHP Execution <= 1.0.0 - Settings Update via CSRF
Published
2023-04-19
Title
Motors – Car Dealer & Classified Ads < 1.4.5 - CSRF