WordPress Plugin Vulnerabilities

Logaster Logo Generator <= 1.3 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect its upload_logo_callback and delete_logo_callback functions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in admin to delete or upload arbitrary media files on their behalf, by submitting a crafted request.

Affects Plugins

Plugin icon
logaster-logo-generator
No known fix

References

CVE
CVE-2022-47159

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
rezaduty
Verified
No
WPVDB ID
55b991bb-b423-4d88-8483-877ec7d4741d

Timeline

Publicly Published
2023-01-04 (about 3 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2023-12-28
Title
Strong Testimonials < 3.1.11 - Settings Update via CSRF
Published
2024-08-26
Title
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More < 1.2.0 - Cross-Site Request Forgery
Published
2025-12-31
Title
SensitiveTagCloud <= 1.4.1 - Cross-Site Request Forgery
Published
2026-01-23
Title
GeoDirectory < 2.8.150 - Cross-Site Request Forgery
Published
2025-09-10
Title
LH Signing <= 2.83 - Cross-Site Request Forgery