WordPress Plugin Vulnerabilities

Daily Prayer Time < 2023.03.18 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
daily-prayer-time-for-mosques
Fixed in 2023.03.18

References

CVE
CVE-2023-27632

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
96f847ca-6010-4335-8cf7-31691e2b0e6a

Timeline

Publicly Published
2023-03-08 (about 3 years ago)
Added
2023-06-22 (about 2 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2023-06-23
Title
OOPSpam Anti-Spam < 1.1.45 - Cross-Site Request Forgery
Published
2026-02-02
Title
Mail Mint < 1.19.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-05-07
Title
WPSpeed < 2.6.6 - Cross-Site Request Forgery
Published
2024-06-26
Title
WP Tweet Walls < 1.0.4 - Cross-Site Request Forgery
Published
2024-12-12
Title
EELV Newsletter <= 4.8.2 - Cross-Site Request Forgery