WordPress Plugin Vulnerabilities

HandL UTM Grabber < 2.6.5 - Authenticated Option Change via CSRF

Description

The HandL UTM Grabber / Tracker WordPress plugin was affected by an Authenticated Option Change via CSRF security vulnerability.

Affects Plugins

Plugin icon
handl-utm-grabber
Fixed in 2.6.5

References

CVE
CVE-2019-15769

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Verified
No
WPVDB ID
4c9a8bf8-2c1c-4b62-b493-8d9d2ce1af8a

Timeline

Publicly Published
2019-08-27 (about 6 years ago)
Added
2019-08-29 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-03-10
Title
Database Backups <= 1.2.2.6 - CSRF to Backup Download
Published
2020-09-16
Title
Paid Memberships Pro < 2.4.3 - Arbitrary Settings Update via CSRF
Published
2025-01-16
Title
Mass Custom Fields Manager <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-01-17
Title
MainWP Matomo Extension < 4.0.5 - CSRF
Published
2025-04-17
Title
Review Wave – Google Places Reviews <= 1.4.7 - Cross-Site Request Forgery