WordPress Plugin Vulnerabilities

KONTXT Improves WordPress Search <= 1.4.6 - CSRF Bypass

Description

The plugin does not properly check for CSRF in its kontxt_analyze_results, kontxt_analyze_results and kontxt_send_event functions, allowing attacker to make logged in users call them them via CSRF attacks.

Affects Plugins

Plugin icon
kontxt-semantic-engine
No known fix

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
6787a017-c076-4cc4-ac93-567c81e28aa5

Timeline

Publicly Published
2021-06-30 (about 4 years ago)
Added
2021-06-30 (about 4 years ago)
Last Updated
2021-06-30 (about 4 years ago)

Other

Published
Title
Published
2023-12-27
Title
Product Table by WBW < 1.8.7 - Cross-Site Request Forgery via saveGroup
Published
2024-05-31
Title
WP Logs Book <= 1.0.1 - Log Clearing via CSRF
Published
2025-02-24
Title
WP-PostRatings Cheater <= 1.5 - Cross-Site Request Forgery
Published
2024-01-30
Title
BizPrint < 4.5.4 - Printer Settings Update via CSRF
Published
2023-12-27
Title
HT Mega < 2.3.4 - Arbitrary Plugin/Theme Activation via CSRF