WordPress Plugin Vulnerabilities

CSS JS Manager < 2.4.49.1 - Multiple CSRF

Description

The plugin does not have CSRF checks in various AJAX actions (such as add_resource, delete_resource etc), which could allow attackers to make logged in admin call them via CSRF attacks

Affects Plugins

Plugin icon
css-js-manager
Fixed in 2.4.49.1

References

CVE
CVE-2022-47154

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
rezaduty
Verified
No
WPVDB ID
7744387a-e176-4313-9713-7cec20dcee92

Timeline

Publicly Published
2023-02-20 (about 3 years ago)
Added
2023-03-14 (about 3 years ago)
Last Updated
2023-03-14 (about 3 years ago)

Other

Published
Title
Published
2025-03-11
Title
W3Counter Free Real-Time Web Stats <= 4.1 - Cross-Site Request Forgery
Published
2025-05-16
Title
Import Export For WooCommerce <= 1.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-25
Title
CheckBot <= 1.05 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-09
Title
WP shop <= 2.6.1 - Arbitrary File Upload via CSRF
Published
2023-11-28
Title
Ecwid Ecommerce Shopping Cart < 6.12.5 - Cross-Site Request Forgery