WordPress Plugin Vulnerabilities

Localize Remote Images <= 1.0.9 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
localize-remote-images
No known fix

References

CVE
CVE-2023-41244

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lokesh Dachepalli
Verified
No
WPVDB ID
a5b43cd7-06d2-4bc6-b4b3-b5bf97e8ffe8

Timeline

Publicly Published
2023-08-29 (about 2 years ago)
Added
2023-10-12 (about 2 years ago)
Last Updated
2023-10-12 (about 2 years ago)

Other

Published
Title
Published
2023-12-01
Title
Abandoned Cart Lite for WooCommerce < 5.16.2 - Multiple CSRF
Published
2023-09-29
Title
FooGallery < 2.3.2 - Extensions Mgt via CSRF
Published
2021-07-05
Title
Woo MerchantX <= 1.0 - CSRF Bypass
Published
2022-01-31
Title
Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
Published
2023-05-11
Title
Dyslexiefont Free <= 1.0.0 - CSRF