WordPress Plugin Vulnerabilities

AZIndex <= 0.8.1 - Index Deletion via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
azindex
No known fix

References

CVE
CVE-2024-7688

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Bob Matyas
Submitter
Bob Matyas
Submitter website
https://www.bobmatyas.com
Submitter twitter
bobmatyas
Verified
Yes
WPVDB ID
6c1d4354-b88b-46ca-b25a-efb9518f4955

Timeline

Publicly Published
2024-08-19 (about 1 year ago)
Added
2024-08-19 (about 1 year ago)
Last Updated
2024-08-19 (about 1 year ago)

Other

Published
Title
Published
2021-12-29
Title
Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
Published
2024-12-19
Title
Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-12-02
Title
Quiz Maker < 6.7.0.83 - Cross-Site Request Forgery
Published
2021-07-05
Title
Locations < 4.0 - Cross-Site Request Forgery
Published
2025-08-15
Title
WP Discord Post Plus <= 1.0.2 - Cross-Site Request Forgery