WordPress Plugin Vulnerabilities

Advanced Post Listing Shortcode <= 2.8 - CSRF Bypass

Description

The plugin does not properly check for CSRF in its get_textonomy, get_term and gt_pagination methods, allowing attacker to make users call them via a CSRF attack.

Affects Plugins

Plugin icon
get-post-custom-taxonomy-term-shortcode
No known fix

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
0.0 (none)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
65ebc937-41fc-42dc-b2e5-2e78ebb71c09

Timeline

Publicly Published
2021-07-05 (about 4 years ago)
Added
2021-07-05 (about 4 years ago)
Last Updated
2021-07-05 (about 4 years ago)

Other

Published
Title
Published
2025-09-22
Title
Double the Donation < 3.0.0 - Cross-Site Request Forgery
Published
2024-12-11
Title
HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update
Published
2025-06-05
Title
CubePoints <= 3.2.1 - Cross-Site Request Forgery
Published
2019-02-26
Title
FormCraft <= 1.2.1 - Cross-Site Request Forgery (CSRF)
Published
2024-03-25
Title
Smart Forms < 2.6.94 - Edit Entries via CSRF