WordPress Plugin Vulnerabilities

WP Coder < 2.5.3 - Code Deletion via CSRF

Description

The plugin does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
wp-coder
Fixed in 2.5.3

References

CVE
CVE-2022-2388

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Submitter twitter
kazet1234
Verified
Yes
WPVDB ID
50acd35f-eb31-4aba-bf32-b390e9514beb

Timeline

Publicly Published
2022-07-26 (about 3 years ago)
Added
2022-07-26 (about 3 years ago)
Last Updated
2023-04-22 (about 2 years ago)

Other

Published
Title
Published
2024-02-20
Title
Product Catalog Enquiry for WooCommerce by MultiVendorX < 5.0.6 - Cross-Site Request Forgery via REST API
Published
2023-11-08
Title
Korea SNS < 1.6.5 - Settings Update via CSRF
Published
2023-06-26
Title
AutomateWoo < 5.7.6 - Cross-Site Request Forgery
Published
2024-08-27
Title
Posts reminder <= 0.20 - Settings Update via CSRF
Published
2023-02-20
Title
Books Gallery < 4.4.9 - CSRF