WordPress Plugin Vulnerabilities

Custom Simple RSS <= 2.0.6 - CSRF

Description

CSRF issue in the Custom Simple Rss Plugin

Proof of Concept

Affects Plugins

Plugin icon
custom-simple-rss
Fixed in 2.0.7

References

CVE
CVE-2019-14327

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
rubyman
Submitter
rubyman
Submitter website
https://www.linkedin.com/in/mehdi-esmaeilpour-a9b633141/
Submitter twitter
https://twitter.com/rrubymann
Verified
No
WPVDB ID
88c64002-88c8-4ec3-a134-1cdc370484cc

Timeline

Publicly Published
2019-07-27 (about 6 years ago)
Added
2019-07-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Digg Digg 5.3.4 - Setting Manipulation CSRF
Published
2024-01-30
Title
BizPrint < 4.5.4 - Printer Settings Update via CSRF
Published
2015-04-02
Title
WordPress Video Gallery <= 2.8 - Multiple Cross-Site Request Forgery (CSRF)
Published
2025-04-01
Title
Feedbucket < 1.0.7 - Cross-Site Request Forgery
Published
2025-01-07
Title
Pretty Url <= 1.5.5 - Cross-Site Request Forgery