WordPress Plugin Vulnerabilities

OWM Weather < 5.6.12 - Post Duplication via CSRF

Description

The plugin does not have CSRF check when duplicating posts (which will be duplicated as drafts), which could allow attackers to make logged in admin perform such action via a CSRF attack and fill up the post table

Affects Plugins

Plugin icon
owm-weather
Fixed in 5.6.12

References

CVE
CVE-2022-47179

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Cat
Verified
No
WPVDB ID
4ddcc491-8eb2-418d-9869-20b9e9e83d5f

Timeline

Publicly Published
2023-02-07 (about 3 years ago)
Added
2023-02-28 (about 3 years ago)
Last Updated
2023-02-28 (about 3 years ago)

Other

Published
Title
Published
2025-04-09
Title
SEO, Nutrition and Print for Recipes by Edamam <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-04-05
Title
WCFM Frontend Manager < 6.6.0 - Multiple CSRF
Published
2025-04-24
Title
PayPal Express Checkout <= 2.1.2 - Cross-Site Request Forgery
Published
2026-02-08
Title
Photo Gallery by 10Web < 1.8.38 - Cross-Site Request Forgery
Published
2023-11-27
Title
Delete Post Revisions In WordPress <= 4.6 - Cross-Site Request Forgery