WordPress Plugin Vulnerabilities

New Adman <= 1.6.8 - Settings Update via CSRF

Description

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in users perform such action via a CSRF attack

Affects Plugins

Plugin icon
new-adman
No known fix

References

CVE
CVE-2023-27441

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
a6ddba93-47d2-4b46-83ff-d7dcdc1d0378

Timeline

Publicly Published
2023-03-03 (about 3 years ago)
Added
2023-06-21 (about 2 years ago)
Last Updated
2023-06-22 (about 2 years ago)

Other

Published
Title
Published
2025-12-31
Title
Gmail SMTP <= 1.0.7 - Cross-Site Request Forgery
Published
2020-02-24
Title
Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation
Published
2023-12-27
Title
Paid Member Subscriptions < 2.10.5 - Cross-Site Request Forgery via ajax_add_log_entry
Published
2024-06-28
Title
Coachify < 1.0.8 - Cross-Site Request Forgery to Notice Dismissal
Published
2024-11-10
Title
Connexion Logs <= 3.0.2 - Log Deletion via CSRF