WordPress Plugin Vulnerabilities

Portfolio 1.0 - Cross-Site Request Forgery (CSRF)

Description

The Portfolio Plugin WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
portfolio-by-lisa-westlund
Fixed in 1.1

References

CVE
CVE-2015-6523
URL
https://packetstormsecurity.com/files/#132765/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
9eb615dc-518a-4fe2-8f5f-472b5fe7d108

Timeline

Publicly Published
2015-07-20 (about 10 years ago)
Added
2015-07-21 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2014-12-15
Title
O2tweet <= 0.0.4 - Multiple CSRF
Published
2025-02-03
Title
GlobalQuran <= 1.0 - Cross-Site Request Forgery to Settings Update
Published
2024-06-20
Title
Ali2Woo Lite < 3.4.7 - Stored XSS via CSRF
Published
2022-09-11
Title
RD Station < 5.2.1 - Multiple CSRF
Published
2023-11-21
Title
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF