WordPress Plugin Vulnerabilities

Responsive Gallery Grid < 2.3.14 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
responsive-gallery-grid
Fixed in 2.3.14

References

CVE
CVE-2023-41659
URL
https://patchstack.com/database/vulnerability/responsive-gallery-grid/wordpress-responsive-gallery-grid-plugin-2-3-10-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
b2d61a66-a08f-4815-92f6-db2f124a2504

Timeline

Publicly Published
2023-09-01 (about 2 years ago)
Added
2023-10-10 (about 2 years ago)
Last Updated
2024-03-18 (about 2 years ago)

Other

Published
Title
Published
2024-02-09
Title
Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer
Published
2021-10-19
Title
Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)
Published
2023-07-19
Title
GTmetrix for WordPress < 0.4.8 - Arbitrary Post Deletion via CSRF
Published
2024-01-02
Title
WP 2FA < 2.6.0 - Arbitrary Email Sending via CSRF
Published
2023-09-04
Title
Leadster < 1.1.3 - Settings Update via CSRF