WordPress Plugin Vulnerabilities

WP Page Widget < 4.0 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
wp-page-widget
Fixed in 4.0

References

CVE
CVE-2022-32587

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
6d62a329-5379-4144-9731-87748b2a6f2f

Timeline

Publicly Published
2022-09-26 (about 3 years ago)
Added
2022-11-08 (about 3 years ago)
Last Updated
2022-11-08 (about 3 years ago)

Other

Published
Title
Published
2024-12-12
Title
AppMaps <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-07-11
Title
WooCommerce Customers Manager < 30.1 - Bulk Action via CSRF
Published
2024-08-26
Title
WP Armour Extended < 1.32 - Cross-Site Request Forgery
Published
2024-11-22
Title
Multi Feed Reader <= 2.2.4 - Cross-Site Request Forgery
Published
2026-04-21
Title
Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form