WordPress Plugin Vulnerabilities

eRoom < 1.3.9 - Cache Deletion via CSRF

Description

The plugin does not have CSRF check in place when deleting cache, which could allow attackers to make logged in users delete cache via a CSRF attack

Affects Plugins

Plugin icon
eroom-zoom-meetings-webinar
Fixed in 1.3.9

References

CVE
CVE-2022-25615

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Verified
No
WPVDB ID
629697bb-a938-4cff-8328-48bcbe48b255

Timeline

Publicly Published
2022-04-11 (about 4 years ago)
Added
2022-04-12 (about 4 years ago)
Last Updated
2022-04-13 (about 4 years ago)

Other

Published
Title
Published
2023-02-28
Title
QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF
Published
2025-01-27
Title
FlashCounter <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-02-27
Title
Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update
Published
2025-05-16
Title
Pixel WordPress Form BuilderPlugin & Autoresponder < 1.0.4 - Cross-Site Request Forgery
Published
2024-11-01
Title
Featured Posts Scroll <= 1.25 - Cross-Site Request Forgery to Stored Cross-Site Scripting