WP Full Stripe Free < 7.0.18 – Settings Update via CSRF | CVE 2023-47667

Affects Plugins

Fixed in 7.0.18

References

CVE

CVE-2023-47667

URL

https://patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

LEE SE HYOUNG

Verified

No

WPVDB ID

af86b6e1-963b-4614-b05b-245a930e1eb6

Timeline

Publicly Published

2023-11-08 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-05-23 (about 1 year ago)

Other

Published

Title

Published

2025-10-23

Title

IndieAuth < 4.5.5 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens

Published

2023-03-16

Title

Event Manager for WooCommerce < 3.7.8 - Cross-Site Request Forgery (CSRF)

Published

2025-06-05

Title

Advanced Post List <= 0.5.6.2 - Cross-Site Request Forgery

Published

2024-04-11

Title

Before And After <= 3.9 - Cross-Site Request Forgery

Published

2025-08-19

Title

Backup Bolt <= 1.4.1 - Cross-Site Request Forgery