WordPress Plugin Vulnerabilities

Futurio Extra < 1.9.1 - Arbitrary Plugin Activation via CSRF

Description

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
futurio-extra
Fixed in 1.9.1

References

CVE
CVE-2023-40201

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
a5f6fce7-df9f-4ce4-92b3-3796fe2034b2

Timeline

Publicly Published
2023-08-11 (about 2 years ago)
Added
2023-10-10 (about 2 years ago)
Last Updated
2023-10-12 (about 2 years ago)

Other

Published
Title
Published
2023-04-14
Title
WP EasyPay < 4.1 - CSRF
Published
2023-07-31
Title
MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
Published
2022-06-01
Title
Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF
Published
2019-10-14
Title
WordPress <= 5.2.3 - Admin Referrer Validation
Published
2022-07-19
Title
E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF