WordPress Plugin Vulnerabilities

Deny All Firewall <= 1.1.6 - CSRF

Description

CSRF leading to disabling of the plugin protection (rules in the .htaccess removed)

Affects Plugins

Plugin icon
deny-all-firewall
Fixed in 1.1.7

References

CVE
CVE-2019-14681
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2110522%40deny-all-firewall&old=2110073%40deny-all-firewall

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Verified
No
WPVDB ID
613ee998-ada3-4d35-9c08-ee379560c155

Timeline

Publicly Published
2019-06-22 (about 6 years ago)
Added
2019-06-22 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-02-16
Title
Microsoft Clarity < 0.9.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-06
Title
Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Published
2025-12-04
Title
Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization
Published
2023-09-11
Title
Checkout Field Editor < 1.7.5 - Cross-Site Request Forgery to Checkout Fields Update
Published
2024-05-09
Title
Church Admin < 4.2.0 - Cross-Site Request Forgery