Themes Vulnerabilities

Multiple Themes by KlbTheme - Cross-Site Request Forgery

Description

The themes do not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks

Affects Themes

bacola
No known fix
clotya
No known fix
cosmetsy
No known fix
furnob
No known fix
machic
No known fix
medibazar
No known fix
partdo
No known fix

References

CVE
CVE-2023-49838
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Vladislav Pokrovsky (ΞX.MI)
Verified
No
WPVDB ID
57f635f6-1686-48d2-af18-44ee783d8de8

Timeline

Publicly Published
2023-12-07 (about 2 years ago)
Added
2023-12-13 (about 2 years ago)
Last Updated
2023-12-13 (about 2 years ago)

Other

Published
Title
Published
2024-05-13
Title
Fast Custom Social Share by CodeBard <= 1.1.2 - Cross-Site Request Forgery
Published
2024-01-05
Title
WooCommerce < 8.3.0 - Cross-Site Request Forgery
Published
2025-01-16
Title
HTTP to HTTPS link changer by Eyga.net <= 0.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-03-27
Title
Serial Codes Generator and Validator with WooCommerce Support < 2.7.8 - Cross-Site Request Forgery via [placeholder]
Published
2025-03-04
Title
IP Based Login < 2.4.1 - Log Deletion via CSRF