WordPress Plugin Vulnerabilities

SiteAlert (Formerly WP Health) <= 1.9.8 - Cross-Site Request Forgery

Description

The plugin does not adequately validate incoming requests using nonces, leading to a Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
my-wp-health-check
No known fix

References

CVE
CVE-2022-46857
URL
https://patchstack.com/database/vulnerability/my-wp-health-check/wordpress-sitealert-uptime-speed-and-security-monitoring-for-wordpress-plugin-1-9-7-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Cat
Verified
No
WPVDB ID
74e8b31f-fe72-42bc-a51c-2ccd1030ddf4

Timeline

Publicly Published
2023-04-19 (about 3 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2025-02-06 (about 1 year ago)

Other

Published
Title
Published
2024-04-12
Title
Zoho Campaigns < 2.0.8 - Cross-Site Request Forgery via zcwc_optin_save
Published
2022-02-14
Title
WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF
Published
2021-04-12
Title
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2025-06-19
Title
Bluff Post <= 1.1.1 - Cross-Site Request Forgery
Published
2024-11-04
Title
WooCommerce Report < 1.5.2 - Cross-Site Request Forgery to Arbitrary Options Update