WordPress Plugin Vulnerabilities

REST API Authentication < 2.4.1 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
wp-rest-api-authentication
Fixed in 2.4.1

References

CVE
CVE-2022-45073

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
840ad171-145e-4ef8-bc05-06fee7af8e98

Timeline

Publicly Published
2022-11-09 (about 3 years ago)
Added
2022-11-19 (about 3 years ago)
Last Updated
2022-11-19 (about 3 years ago)

Other

Published
Title
Published
2016-08-08
Title
Add From Server < 3.3.2 - Cross-Site Request Forgery (CSRF)
Published
2022-02-16
Title
Powerkit < 2.5.9 - Post Views Settings Update/Reset via CSRF
Published
2024-03-28
Title
Ninja Forms Contact Form < 3.8.1 - Publicly Accessible Form Submission Export via CSRF
Published
2015-05-05
Title
WP Ultimate CSV Importer < 3.7.3 - Various CSRF
Published
2025-04-09
Title
Custom Posts Order <= 4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting