Worthy – VG WORT Integration für WordPress < 1.7.0-0cde1c2 – Cross-Site Request Forgery | CVE 2023-24417

Affects Plugins

Fixed in 1.7.0-0cde1c2

References

CVE

CVE-2023-24417

URL

https://patchstack.com/database/vulnerability/wp-worthy/wordpress-worthy-vg-wort-integration-fuer-wordpress-plugin-1-6-5-6497609-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

yuyudhn

Verified

No

WPVDB ID

653239cd-e482-4800-9541-fdfc8a9cc6a4

Timeline

Publicly Published

2023-05-30 (about 2 years ago)

Added

2023-07-11 (about 2 years ago)

Last Updated

2023-09-25 (about 2 years ago)

Other

Published

Title

Published

2019-01-16

Title

Polylang <= 2.5 - CSRF in categories and media duplication

Published

2024-03-29

Title

Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery

Published

2025-04-22

Title

CM Ad Changer < 2.0.6 - Cross-Site Request Forgery

Published

2025-04-01

Title

SCSS WP Editor <= 1.1.8 - Cross-Site Request Forgery

Published

2025-12-28

Title

Popup box < 6.0.8 - Cross-Site Request Forgery