WordPress Plugin Vulnerabilities

xili-tidy-tags < 1.12.04 - Cross-Site Request Forgery

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

The original researcher didn't provide enough information on which actions could be performed.

Affects Plugins

Plugin icon
xili-tidy-tags
Fixed in 1.12.04

References

CVE
CVE-2022-47448

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
rezaduty
Verified
No
WPVDB ID
5a82f0e5-4335-4e8c-96b7-c306218f9ecf

Timeline

Publicly Published
2023-03-14 (about 1 years ago)
Added
2023-05-24 (about 11 months ago)
Last Updated
2023-08-10 (about 9 months ago)

Other

Published
Title
Published
2021-02-10
Title
Responsive Menu < 4.0.4 - CSRF to Settings Update
Published
2023-10-03
Title
Short URL <= 1.6.8 - CSRF
Published
2023-11-28
Title
Affiliate Booster < 3.0.6 - Blocks Enabling/Disabling via CSRF
Published
2023-10-16
Title
WP Open Street Map < 1.30 - Arbitrary Settings Update via CSRF
Published
2023-04-05
Title
WCFM Membership < 2.10.0 - Multiple CSRF