WordPress Plugin Vulnerabilities

Mang Board WP < 1.8.2 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
mangboard
Fixed in 1.8.2

References

CVE
CVE-2023-44257
URL
https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
6d8ed880-4efb-42fb-a1d9-e60be4a206cd

Timeline

Publicly Published
2023-09-27 (about 2 years ago)
Added
2023-10-10 (about 2 years ago)
Last Updated
2024-03-11 (about 2 years ago)

Other

Published
Title
Published
2016-04-05
Title
Lightbox Plus < 2.8 - CSRF to XSS
Published
2011-03-17
Title
WP Related Posts <= 1.0 - Multiple CSRF
Published
2025-06-05
Title
Calculated Fields Form < 5.3.59 - Cross-Site Request Forgery
Published
2015-03-10
Title
Fraction Theme < 1.1.2 - Privilege Escalation
Published
2025-01-16
Title
Book a Place <= 0.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting