Snap Pixel < 1.6.0 – Arbitrary Settings Update via CSRF | CVE 2023-45642

Affects Plugins

Fixed in 1.6.0

References

CVE

CVE-2023-45642

URL

https://patchstack.com/database/wordpress/plugin/snap-pixel/vulnerability/wordpress-snap-pixel-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Prasanna V Balaji

Verified

No

WPVDB ID

6735b5e2-2944-409b-9449-915e324b8847

Timeline

Publicly Published

2023-10-16 (about 2 years ago)

Added

2023-10-17 (about 2 years ago)

Last Updated

2025-07-29 (about 9 months ago)

Other

Published

Title

Published

2014-08-01

Title

Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF

Published

2024-04-05

Title

WooCommerce Checkout Field Editor (Checkout Manager) < 2.1.9 - Cross-Site Request Forgery

Published

2025-01-07

Title

News Publisher Autopilot <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-10-12

Title

Contact Form With Captcha <= 1.6.8 - Cross-Site Request Forgery

Published

2018-12-19

Title

WP Ultimate Exporter < 1.4.2 - CSRF