WordPress Plugin Vulnerabilities

Clean Login < 1.8 - Change Redirect URL CSRF

Description

The Clean Login WordPress plugin was affected by a Change Redirect URL CSRF security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
clean-login
Fixed in 1.8

References

CVE
CVE-2017-8875
URL
https://seclists.org/fulldisclosure/2017/May/23

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.5 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4d9ae2e7-e78f-4c78-88f5-8ddc414df557

Timeline

Publicly Published
2017-05-05 (about 8 years ago)
Added
2017-05-11 (about 8 years ago)
Last Updated
2021-01-19 (about 5 years ago)

Other

Published
Title
Published
2023-01-27
Title
DH - Anti AdBlocker < 37 - Settings Update via CSRF
Published
2021-07-27
Title
uListing < 2.0.6 - Settings Update via CSRF
Published
2023-11-08
Title
Vertical scroll recent post <= 14.0 - Cross-Site Request Forgery via vsrp_admin_options
Published
2018-06-12
Title
Tooltipy (tooltips for WP) <= 5.0 - Cross-Site Request Forgery (CSRF)
Published
2014-08-01
Title
Disable Comments 1.0.3 - disable_comments_settings.php Comment Status Manipulation CSRF