WordPress Plugin Vulnerabilities

Taxonomy filter < 2.2.10 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
taxonomy-filter
Fixed in 2.2.10

References

CVE
CVE-2023-48282
URL
https://patchstack.com/database/vulnerability/taxonomy-filter/wordpress-taxonomy-filter-plugin-2-2-9-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
5bf22191-17ec-4df3-9a13-11115da7d57d

Timeline

Publicly Published
2023-11-23 (about 2 years ago)
Added
2023-11-28 (about 2 years ago)
Last Updated
2024-02-12 (about 2 years ago)

Other

Published
Title
Published
2025-01-16
Title
Import Users to MailChimp <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-02-11
Title
Bluestreet <= 1.7.3 - Cross-Site Request Forgery
Published
2022-05-04
Title
Disable Right Click For WP <= 1.1.6 - Arbitrary Settings Update via CSRF
Published
2023-07-05
Title
ARMember < 4.0.6 - ARMember Cross-Site Request Forgery
Published
2022-01-03
Title
NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF