WordPress Plugin Vulnerabilities

Justin Klein WP Social AutoConnect < 4.6.2 - Cross-Site Request Forgery

Description

The plugin does not use nonces to verify requests, making it vulnerable to Cross-Site Request Forgery (CSRF) attacks.

Affects Plugins

Plugin icon
wp-fb-autoconnect
Fixed in 4.6.2

References

CVE
CVE-2023-37974
URL
https://patchstack.com/database/vulnerability/wp-fb-autoconnect/wordpress-wp-social-autoconnect-plugin-4-6-1-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
6c53fffb-f76f-4caa-9cbc-15e754c0a8ef

Timeline

Publicly Published
2023-07-12 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2025-08-25
Title
Table Editor <= 1.6.4 - Cross-Site Request Forgery
Published
2024-02-07
Title
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in disableOptimization
Published
2025-04-11
Title
Webcraftic Clearfy – WordPress optimization plugin < 2.3.2 - Cross-Site Request Forgery to Clear Cache
Published
2022-05-31
Title
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF
Published
2021-08-19
Title
Donate With QRCode <= 1.4.5 - Plugin's Setting Update via CSRF