WordPress Plugin Vulnerabilities

WP Hide Post <= 2.0.10 - Arbitrary Post Hiding via CSRF

Description

The plugin does not have CSRF check the n hiding posts in bulk, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
wp-hide-post
No known fix

References

CVE
CVE-2023-34378

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
bb07b544-cf0f-4754-af39-c8e66e940ab5

Timeline

Publicly Published
2023-06-03 (about 2 years ago)
Added
2023-11-13 (about 2 years ago)
Last Updated
2023-11-13 (about 2 years ago)

Other

Published
Title
Published
2025-09-22
Title
Current Age Plugin < 1.7 - Cross-Site Request Forgery
Published
2025-06-19
Title
JobWP < 2.4.1 - Cross-Site Request Forgery
Published
2025-04-09
Title
User Session Synchronizer <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-08-01
Title
Download Manager < 3.2.49 - Multiple CSRF
Published
2024-02-07
Title
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in disableOptimization