WordPress Plugin Vulnerabilities

Admin Block Country <= 7.1.4 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect some of its actions in the admin_block_country_initial_page function against CSRF attacks, allowing an attacker to modify country blocks or methods on their behalf by tricking a logged in administrator to submit a crafted request.

Affects Plugins

Plugin icon
admin-block-country
No known fix

References

CVE
CVE-2023-24007
URL
https://patchstack.com/database/vulnerability/admin-block-country/wordpress-admin-block-country-plugin-7-1-4-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
b5e051d8-e326-4e80-8e8c-32bc03da7aae

Timeline

Publicly Published
2023-02-23 (about 3 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2025-03-27
Title
Float menu < 6.1.3 - Cross-Site Request Forgery to Settings Update
Published
2024-07-20
Title
GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF
Published
2025-03-31
Title
DesignO <= 2.5.0 - Cross-Site Request Forgery
Published
2024-08-29
Title
Tourfic < 2.11.21 - Cross-Site Request Forgery in Multiple Functions
Published
2023-03-10
Title
Mass Delete Unused Tags < 3.0.0 - Tags Deletion via CSRF