WordPress Plugin Vulnerabilities

Korea SNS < 1.6.5 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
korea-sns
Fixed in 1.6.5

References

CVE
CVE-2023-47670
URL
https://patchstack.com/database/vulnerability/korea-sns/wordpress-korea-sns-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
94e53b2f-d232-4054-a440-952cec1ffeb5

Timeline

Publicly Published
2023-11-08 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-18 (about 2 years ago)

Other

Published
Title
Published
2025-01-07
Title
Admin debug wordpress – enable debug <= 1.0.13 - Cross-Site Request Forgery
Published
2024-12-16
Title
Tidy Up <= 1.3 - Cross-Site Request Forgery
Published
2022-05-11
Title
Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF
Published
2023-07-17
Title
FiveStarPlugins Restaurant Menu and Food Ordering < 2.4.7 - Cross-Site Request Forgery
Published
2024-11-22
Title
Favicon My Blog <= 1.0.2 - Cross-Site Request Forgery