WordPress Plugin Vulnerabilities

Read more By Adam <= 1.1.8 - Cross-Site Request Forgery

Description

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions

Affects Plugins

Plugin icon
read-more
No known fix

References

CVE
CVE-2022-38085

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
49776954-b85a-42a6-b886-167892c9dc71

Timeline

Publicly Published
2022-09-12 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2025-12-31
Title
Email Capture < 3.12.6 - Cross-Site Request Forgery
Published
2022-05-25
Title
Private Messages For WordPress <= 2.1.10 - Arbitrary Message Sent via CSRF
Published
2026-02-18
Title
Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update
Published
2026-01-23
Title
WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update
Published
2023-01-27
Title
Quick Restaurant Menu < 2.1.0 - Menu Items Update via CSRF