WordPress Plugin Vulnerabilities

Easy WP Cleaner < 2.0 - Data Deletion via CSRF

Description

The plugin does not have CSRF check when deleting data from the blog, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
easy-wp-cleaner
Fixed in 2.0

References

CVE
CVE-2023-41697
URL
https://patchstack.com/database/vulnerability/easy-wp-cleaner/wordpress-easy-wp-cleaner-plugin-1-9-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
5b15757f-ab71-4442-afd8-f6942552e6bd

Timeline

Publicly Published
2023-09-05 (about 2 years ago)
Added
2023-10-11 (about 2 years ago)
Last Updated
2024-05-23 (about 1 year ago)

Other

Published
Title
Published
2023-10-03
Title
Sp*tify Play Button for WordPress < 2.11 - Settings Update via CSRF
Published
2025-01-16
Title
WP Service Payment Form With Authorize.net <= 2.6.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Published
2014-08-01
Title
foursquare-checkins - CSRF
Published
2024-05-30
Title
ActiveDEMAND < 0.2.44 - Cross-Site Request Forgery
Published
2023-09-04
Title
MyCryptoCheckout < 2.126 - CSRF