WordPress Plugin Vulnerabilities

WOLF < 1.0.7.1 - Profile Creation via CSRF

Description

The plugin does not have CSRF checks when creating profiles in its create_profile() function, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
bulk-editor
Fixed in 1.0.7.1

References

CVE
CVE-2023-34028

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
8dfb2ea9-a192-4280-a888-210bb956a3c4

Timeline

Publicly Published
2023-05-29 (about 2 years ago)
Added
2023-08-21 (about 2 years ago)
Last Updated
2023-08-21 (about 2 years ago)

Other

Published
Title
Published
2021-06-14
Title
Woocommerce Stock Manager < 2.6.0 - CSRF to Arbitrary File Upload
Published
2023-02-28
Title
Real Estate 7 < 3.3.5 - Reflected XSS
Published
2026-04-21
Title
Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form
Published
2023-06-02
Title
Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS
Published
2023-10-06
Title
Urvanov Syntax Highlighter < 2.8.34 - Highlighting Blocks Mgt via CSRF