WordPress Plugin Vulnerabilities

My Tickets < 1.9.11 - Bulk Emailing via CSRF

Description

The plugin does not have CSRF check when bulk emailing, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
my-tickets
Fixed in 1.9.11

References

CVE
CVE-2022-47440

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
rezaduty
Verified
No
WPVDB ID
bbb22cff-9914-4fd0-9a5b-a8c61bd4fb15

Timeline

Publicly Published
2023-02-14 (about 3 years ago)
Added
2023-03-13 (about 3 years ago)
Last Updated
2023-03-13 (about 3 years ago)

Other

Published
Title
Published
2024-02-16
Title
Microsoft Clarity < 0.9.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-06-13
Title
WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-08-07
Title
POEditor < 0.9.8 - Settings Reset via CSRF
Published
2021-02-08
Title
NextGen Gallery < 3.5.0 - CSRF allows File Upload
Published
2022-11-14
Title
Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF