WordPress Plugin Vulnerabilities

Visibility Logic for Elementor < 2.3.5 - Cross-Site Request Forgery

Description

The plugin does not properly validate requests using nonces, which makes it susceptible to Cross-Site Request Forgery attacks.

Affects Plugins

Plugin icon
visibility-logic-elementor
Fixed in 2.3.5

References

CVE
CVE-2022-47169
URL
https://patchstack.com/database/vulnerability/visibility-logic-elementor/wordpress-visibility-logic-for-elementor-plugin-2-3-4-cross-site-request-forgery-csrf

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
4bbc427d-cecb-4bd2-b206-a08f3fe99e5b

Timeline

Publicly Published
2023-07-05 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2025-07-12
Title
Evergreen Content Poster < 1.4.6 - Cross-Site Request Forgery
Published
2024-06-05
Title
Pure Chat – Live Chat Plugin & More! < 2.23 - Cross-Site Request Forgery
Published
2022-05-12
Title
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF
Published
2024-10-14
Title
Cookie Scanner <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-27
Title
Fare Calculator <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting