WordPress Plugin Vulnerabilities

Pz-LinkCard < 2.5.3 - Caching Management via CSRF

Description

The plugin does not have CSRF checks when managing the caching feature, which could allow attackers to make logged in admin perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
pz-linkcard
Fixed in 2.5.3

References

CVE
CVE-2023-47790
URL
https://patchstack.com/database/vulnerability/pz-linkcard/wordpress-pz-linkcard-plugin-2-4-8-cross-site-request-forgery-csrf-to-xss-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Le Ngoc Anh
Verified
No
WPVDB ID
b3bb07d0-6b25-4709-9403-693dc19abf1f

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-19 (about 2 years ago)

Other

Published
Title
Published
2025-02-24
Title
WP-PostRatings Cheater <= 1.5 - Cross-Site Request Forgery
Published
2024-12-18
Title
Wayne Audio Player <= 1.0 - Cross-Site Request Forgery to Privilege Escalation
Published
2023-12-04
Title
CSprite <= 1.1 - Cross-Site Request Forgery
Published
2023-12-26
Title
Customize My Account for WooCommerce < 1.8.4 - Cross-Site Request Forgery via restore_my_account_tabs
Published
2014-12-14
Title
Yurl Retwitt <= 1.4 - Multiple CSRF