WordPress Plugin Vulnerabilities

WP Google My Business Auto Publish < 3.8 - Multiple CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete transients and update post metadata via CSRF attacks

Affects Plugins

Plugin icon
wp-google-my-business-auto-publish
Fixed in 3.8

References

CVE
CVE-2023-47237

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Brandon Roldan
Verified
No
WPVDB ID
8e2ea2a6-d181-4fc7-b698-d88c9619066e

Timeline

Publicly Published
2023-11-02 (about 2 years ago)
Added
2023-11-14 (about 2 years ago)
Last Updated
2023-11-14 (about 2 years ago)

Other

Published
Title
Published
2025-05-07
Title
WP Podcasts Manager < 1.4 - Cross-Site Request Forgery
Published
2023-04-04
Title
Comment Reply Notification <= 1.4 - Cross-Site Request Forgery
Published
2024-03-25
Title
Smart Forms < 2.6.94 - Edit Entries via CSRF
Published
2023-10-13
Title
IRivYou <= 2.2.1 - Arbitrary Settings Update via CSRF
Published
2025-04-24
Title
Print Science Designer <= 1.3.155 - Cross-Site Request Forgery to Stored Cross-Site Scripting