WordPress Plugin Vulnerabilities

WP Super Minify < 1.6 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
wp-super-minify
Fixed in 1.6

References

CVE
CVE-2023-27615

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
a446b6d3-9a00-4a08-abe9-a6565325ff50

Timeline

Publicly Published
2023-08-28 (about 2 years ago)
Added
2023-10-10 (about 2 years ago)
Last Updated
2023-10-10 (about 2 years ago)

Other

Published
Title
Published
2024-11-01
Title
SmartLink Dynamic URLs < 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-10-13
Title
IRivYou <= 2.2.1 - Arbitrary Settings Update via CSRF
Published
2025-06-19
Title
Bluff Post <= 1.1.1 - Cross-Site Request Forgery
Published
2019-05-26
Title
Affiliates Manager < 2.6.6 - CRSF Issues
Published
2019-07-23
Title
WPS Bidouille < 1.12.4 - Multiple Issues