WordPress Plugin Vulnerabilities

NOO Timetable <= 2.1.3 - Cross-Site Request Forgery

Description

The plugin does not adequately verify incoming requests using nonces, leading to potential Cross-Site Request Forgery vulnerabilities.

Affects Plugins

Plugin icon
noo-timetable
No known fix

References

CVE
CVE-2022-45828
URL
https://patchstack.com/database/vulnerability/noo-timetable/wordpress-noo-timetable-responsive-calendar-auto-sync-wordpress-plugin-plugin-2-1-3-cross-site-request-forgery-csrf

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Cat
Verified
No
WPVDB ID
730a6000-cafb-4aa5-becb-d9748528b7fa

Timeline

Publicly Published
2023-06-27 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2025-01-24
Title
Essential Real Estate < 5.1.9 - Cross-Site Request Forgery
Published
2025-07-21
Title
Like & Share My Site <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-07-23
Title
Affiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-03-27
Title
ValidateCertify < 1.6.2 - Cross-Site Request Forgery
Published
2025-09-26
Title
Post Featured Video <= 1.7 - Cross-Site Request Forgery