WordPress Plugin Vulnerabilities

Zephyr Project Manager < 3.3.94 - Plugin Data Deletion via CSRF

Description

The plugin does not have CSRF check when deleting its data, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
zephyr-project-manager
Fixed in 3.3.94

References

CVE
CVE-2023-34373

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Theodoros Malachias
Verified
No
WPVDB ID
a2905c3d-ed8e-442e-a0d7-9b504fedad47

Timeline

Publicly Published
2023-06-13 (about 2 years ago)
Added
2023-06-19 (about 2 years ago)
Last Updated
2023-06-19 (about 2 years ago)

Other

Published
Title
Published
2025-10-02
Title
ContentMX Content Publisher < 1.0.7 - Cross-Site Request Forgery
Published
2024-12-12
Title
CRUDLab Google Plus Button <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-08-11
Title
SB Child List <= 4.5 - Settings Update via CSRF
Published
2023-02-06
Title
0mk Shortener <= 0.2 - Stored XSS via CSRF
Published
2014-08-01
Title
Nightlife by Templatic - CSRF File Upload