WordPress Plugin Vulnerabilities

DeepL Pro API translation < 2.4.1.2 - Log Pruning via CSRF

Description

The plugin does not have CSRF checks when pruning logs, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
wpdeepl
Fixed in 2.4.1.2

References

CVE
CVE-2023-46620
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b60cb1af-c9f3-4cea-9699-d66a52eb87eb

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (Medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
8b7c9c30-00a5-4aa7-9c11-02beca4f9f26

Timeline

Publicly Published
2023-10-25 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-04 (about 2 years ago)

Other

Published
Title
Published
2022-10-31
Title
Mantenimiento web < 0.14 - Stored XSS via CSRF
Published
2024-08-22
Title
Visual Sound <= 1.03 - Settings Update via CSRF
Published
2014-08-01
Title
Easy Media Gallery 1.2.25 - includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF
Published
2020-04-07
Title
WP Lead Plus X <= 0.99 - Multiple Cross-Site Request Forgery (CSRF)
Published
2016-02-16
Title
ALO EasyMail Newsletter < 2.7.0 - Cross-Site Request Forgery (CSRF)