WordPress Plugin Vulnerabilities

Travelpayouts < 1.0.17 - CSRF Bypass due to Outdated Redux Framework

Description

The plugin is using an outdated version of the Redux Framework (4.1.17), which is affected by CSRF bypass issues due to a logic flaw in the checks, allowing attacker to make logged in do unwanted actions

Affects Plugins

Plugin icon
travelpayouts
Fixed in 1.0.17

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
75758ec1-7b64-48f1-924c-cbc7b4984e6b

Timeline

Publicly Published
2021-09-13 (about 4 years ago)
Added
2021-09-13 (about 4 years ago)
Last Updated
2021-09-13 (about 4 years ago)

Other

Published
Title
Published
2024-04-12
Title
BEAF < 4.5.5 - Cross-Site Request Forgery to Notice Dismissal
Published
2015-06-19
Title
Google Analyticator <= 6.4.9.3 - Cross-Site Request Forgery (CSRF)
Published
2025-06-05
Title
Simple Keyword to Link <= 1.5 - Cross-Site Request Forgery
Published
2022-01-24
Title
Access Demo Importer < 1.0.8 - Data Reset via CSRF
Published
2021-05-05
Title
Parcel Tracker eCourier < 1.0.2 - Plugin's Settings Update via CSRF