SRS Simple Hits Counter < 1.1.1 – Settings Update via CSRF | CVE 2023-22709

Affects Plugins

Fixed in 1.1.1

References

CVE

CVE-2023-22709

URL

https://patchstack.com/database/vulnerability/srs-simple-hits-counter/wordpress-srs-simple-hits-counter-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Mika

Verified

Yes

WPVDB ID

643c797b-6ccc-4649-a9c5-b6457772a112

Timeline

Publicly Published

2023-01-19 (about 3 years ago)

Added

2023-05-23 (about 2 years ago)

Last Updated

2023-12-28 (about 2 years ago)

Other

Published

Title

Published

2024-04-11

Title

Responsive Contact Form Builder & Lead Generation Plugin < 1.9.0 - Missing Authorization

Published

2024-11-28

Title

Build App Online <= 1.0.23 - Cross-Site Request Forgery

Published

2025-04-24

Title

Call Now PHT Blog <= 2.4.1 - Cross-Site Request Forgery

Published

2024-06-03

Title

WP-Recall < 16.26.7 - Cross-Site Request Forgery

Published

2021-08-09

Title

WordPress Download Manager < 3.2.13 - Email Template Setting Update via CSRF