WordPress Plugin Vulnerabilities

DoFollow Case by Case < 3.5.0 - Email&URLs Adding to Allowlist via CSRF

Description

The plugin does not have CSRF checks in its getEmail and getUrl functions, which could allow attackers to make logged in admins add email and URLs to the allow list via CSRF attacks

Affects Plugins

Plugin icon
dofollow-case-by-case
Fixed in 3.5.0

References

CVE
CVE-2023-49197
URL
https://patchstack.com/database/vulnerability/dofollow-case-by-case/wordpress-dofollow-case-by-case-plugin-3-4-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
77a45d28-dcea-4b2c-8ac3-560ee6d4a495

Timeline

Publicly Published
2023-09-22 (about 2 years ago)
Added
2023-12-12 (about 2 years ago)
Last Updated
2023-12-12 (about 2 years ago)

Other

Published
Title
Published
2025-09-05
Title
Popping Sidebars and Widgets Light <= 1.27 - Cross-Site Request Forgery
Published
2024-08-16
Title
WebinarPress < 1.33.21 - Cross-Site Request Forgery
Published
2025-01-08
Title
Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Published
2014-08-01
Title
SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF
Published
2025-01-16
Title
Better Protected Pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting