WordPress Plugin Vulnerabilities

PHP Compatibility Checker < 1.6.0 - Cross-Site Request Forgery

Description

The plugin does not adequately protect against Cross-Site Request Forgery (CSRF), making it possible to force unsuspecting users to perform actions without their consent.

Affects Plugins

Plugin icon
php-compatibility-checker
Fixed in 1.6.0

References

CVE
CVE-2023-24421
URL
https://patchstack.com/database/vulnerability/php-compatibility-checker/wordpress-php-compatibility-checker-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
6390367b-1fc8-44d5-94cd-437e9826bc51

Timeline

Publicly Published
2023-04-06 (about 3 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2025-11-29
Title
Quick Interest Slider < 3.1.6 - Cross-Site Request Forgery
Published
2024-03-28
Title
Ninja Forms Contact Form < 3.8.1 - Publicly Accessible Form Submission Export via CSRF
Published
2025-09-05
Title
Woocommerce Notify Updated Product <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-12-12
Title
Go Animate <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-16
Title
Easy Tynt <= 0.2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting