Shortcode IMDB <= 6.0.8 – Cross-Site Request Forgery | CVE 2023-37892

Affects Plugins

No known fix

References

CVE

CVE-2023-37892

URL

https://patchstack.com/database/vulnerability/shortcode-imdb/wordpress-shortcode-imdb-plugin-6-0-8-cross-site-request-forgery-csrf

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

yuyudhn

Verified

No

WPVDB ID

b682ce8e-e183-47bf-8b09-ed7d3b3d21ef

Timeline

Publicly Published

2023-07-11 (about 2 years ago)

Added

2023-07-18 (about 2 years ago)

Last Updated

2023-07-18 (about 2 years ago)

Other

Published

Title

Published

2025-05-07

Title

Seznam Webmaster < 1.4.8 - Cross-Site Request Forgery

Published

2023-04-25

Title

Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF

Published

2024-12-12

Title

Like in Vk.com <= 0.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-08-21

Title

DX-auto-save-images <= 1.4.0 - CSRF

Published

2023-04-13

Title

CoSchedule < 3.3.9 - CSRF