WordPress Plugin Vulnerabilities

Configurable Tag Cloud < 5.3 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.

Affects Plugins

Plugin icon
configurable-tag-cloud-widget
Fixed in 5.3

References

CVE
CVE-2023-28995
URL
https://patchstack.com/database/vulnerability/configurable-tag-cloud-widget/wordpress-configurable-tag-cloud-plugin-5-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
615c7634-bf1d-4106-8508-7dbda388af1c

Timeline

Publicly Published
2023-03-30 (about 3 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2025-04-24
Title
Google News <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-09-05
Title
Invelity MyGLS connect <= 1.1.1 - Cross-Site Request Forgery
Published
2025-03-04
Title
bbPress < 2.6.12 - Cross-Site Request Forgery to Limited Privilege Escalation
Published
2024-12-12
Title
CRUDLab Google Plus Button <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-01-02
Title
Booster for WooCommerce - Multiple CSRF