WordPress Plugin Vulnerabilities

WOLF < 1.0.7.1 - Profile Creation via CSRF

Description

The plugin does not have CSRF checks when creating profile, which could allow attackers to make logged in admins create arbitrary profiles via a CSRF attack

Affects Plugins

Plugin icon
bulk-editor
Fixed in 1.0.7.1

References

CVE
CVE-2023-34028

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
6b93c0cc-45ef-4999-b626-155efc97cf91

Timeline

Publicly Published
2023-05-29 (about 2 years ago)
Added
2023-06-22 (about 2 years ago)
Last Updated
2023-06-22 (about 2 years ago)

Other

Published
Title
Published
2023-11-21
Title
Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF
Published
2023-02-20
Title
Multiple Page Generator Plugin - MPG < 3.3.10 - Multiple CSRF
Published
2025-09-24
Title
Di Themes Demo Site Importer <= 1.2 - Cross-Site Request Forgery
Published
2025-02-03
Title
Easy Related Posts <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-11-16
Title
Easy Call Now by ThikShare <= 1.1.0 - Cross-Site Request Forgery via settings_page