WordPress Plugin Vulnerabilities

NitroPack < 1.10.3 - Multiple CSRF

Description

The plugin does not have CSRF checks in various functions places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
nitropack
Fixed in 1.10.3

References

CVE
CVE-2023-52121
URL
https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Brandon Roldan
Verified
No
WPVDB ID
9ebc2c41-24e0-4a9b-9046-91ba95a705e8

Timeline

Publicly Published
2023-12-28 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-05 (about 2 years ago)

Other

Published
Title
Published
2023-12-27
Title
Inline Image Upload for BBPress < 1.1.19 - Cross-Site Request Forgery via hm_bbpui_admin_page
Published
2025-01-16
Title
Rename Author Slug <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-09-09
Title
Mow < 4.11 - Cross-Site Request Forgery
Published
2023-11-14
Title
Welcart e-Commerce < 2.9.5 - Cross-Site Request Forgery
Published
2025-03-24
Title
Hacklog Remote Image Autosave <= 2.1.0 - Cross-Site Request Forgery