WordPress Plugin Vulnerabilities

ShopLentor < 2.5.2 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
woolentor-addons
Fixed in 2.5.2

References

CVE
CVE-2022-46798

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
54809eae-e69a-40e4-b5d5-228bffac1a39

Timeline

Publicly Published
2023-02-06 (about 3 years ago)
Added
2023-03-01 (about 3 years ago)
Last Updated
2023-03-01 (about 3 years ago)

Other

Published
Title
Published
2024-11-01
Title
Flash Show And Hide Box <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-02-18
Title
Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification
Published
2024-03-12
Title
Team Circle Image Slider With Lightbox < 1.0.1 - Image Data Update via CSRF
Published
2026-04-21
Title
mCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() Function
Published
2024-01-08
Title
MailerLite – WooCommerce integration < 2.0.9 - Cross-Site Request Forgery via Multiple AJAX Functions