WordPress Plugin Vulnerabilities

Conversios.io < 5.2.4 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
enhanced-e-commerce-for-woocommerce-store
Fixed in 5.2.4

References

CVE
CVE-2022-46797

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
646e61e3-2f2d-43b6-9526-aca7e7fc471d

Timeline

Publicly Published
2023-02-06 (about 3 years ago)
Added
2023-03-01 (about 3 years ago)
Last Updated
2023-03-01 (about 3 years ago)

Other

Published
Title
Published
2023-06-13
Title
MStore API < 3.9.7 - Multiple CSRF
Published
2022-02-01
Title
Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF
Published
2021-06-08
Title
WP Prayer < 1.6.6 - Cross-Site Request Forgery
Published
2024-12-11
Title
Hive Support – WordPress Help Desk < 1.1.3 - Cross-Site Request Forgery
Published
2025-09-10
Title
Plugin updates blocker <= 0.2 - Cross-Site Request Forgery