WordPress Plugin Vulnerabilities

Video Contest WordPress <= 3.2 - Cross-Site Request Forgery

Description

The plugin does not adequately verify requests use nonces, leaving it susceptible to Cross-Site Request Forgery (CSRF) attacks.

Affects Plugins

Plugin icon
video-contest
No known fix

References

CVE
CVE-2022-45823
URL
https://patchstack.com/database/vulnerability/video-contest/wordpress-video-contest-wordpress-plugin-plugin-3-2-cross-site-request-forgery-csrf

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Cat
Verified
No
WPVDB ID
814a9f42-7056-46fe-880a-9699726a786c

Timeline

Publicly Published
2023-05-25 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2023-06-13
Title
Zephyr Project Manager < 3.3.94 - Plugin Data Deletion via CSRF
Published
2025-07-30
Title
Product Configurator for WooCommerce < 1.5.0 - Cross-Site Request Forgery
Published
2025-04-09
Title
Chat2 < 4.1 - Stored XSS via CSRF
Published
2023-11-29
Title
Debug Log Manager < 2.2.2 - Debug Log Clearing via CSRF
Published
2024-02-22
Title
Colibri WP < 1.0.101 - Cross-Site Request Forgery to Limited Plugin Installation