WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Redux Framework 4.1.22 - 4.1.23 - CSRF Nonce Validation Bypass

Description

The plugin re-introduced a CSRF bypass issue in v4.1.22, as the nonce is only checked if present in the request.

Affects Plugins

redux-framework
Fixed in version 4.1.24

References

URL
https://plugins.trac.wordpress.org/changeset/2437953/redux-framework/trunk/redux-core/inc/classes/class-redux-ajax-save.php?old=2405408

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

ErwanLR

Verified

Yes

WPVDB ID
ad9a190b-3bb6-4589-84e7-43372615588f

Timeline

Publicly Published

2020-12-15 (about 2 years ago)

Added

2020-12-15 (about 2 years ago)

Last Updated

2020-12-16 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin