WordPress Plugin Vulnerabilities

Post View Count < 2.0.1 - Post View Data Reset via CSRF

Description

The plugin does not have CSRF checks when reseting its Post view data, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
wp-simple-post-view
Fixed in 2.0.1

References

CVE
CVE-2023-44996
URL
https://patchstack.com/database/vulnerability/wp-simple-post-view/wordpress-post-view-count-plugin-1-8-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
Yes
WPVDB ID
71802be9-aa4e-43f0-86d7-2f4378ee096b

Timeline

Publicly Published
2023-10-03 (about 2 years ago)
Added
2023-10-11 (about 2 years ago)
Last Updated
2024-02-12 (about 2 years ago)

Other

Published
Title
Published
2024-03-19
Title
Woomotiv < 3.5.0 - Review Count Reset via CSRF
Published
2023-11-28
Title
Ecwid Ecommerce Shopping Cart < 6.12.5 - Cross-Site Request Forgery
Published
2024-04-10
Title
Calendarista Basic Edition < 3.0.3 - Cross-Site Request Forgery
Published
2023-09-13
Title
10Web Map Builder for Google Maps < 1.0.74 - Cross-Site Request Forgery to Notice Dismissal
Published
2024-11-13
Title
SK WP Settings Backup <= 1.0 - Cross-Site Request Forgery to PHP Object Injection