WordPress Plugin Vulnerabilities

Educare - Students & Result Management System < 1.4.4 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an attacker to perform actions on their behalf by tricking a logged in high privileged user to submit a crafted request.

Affects Plugins

Plugin icon
educare
Fixed in 1.4.4

References

CVE
CVE-2023-25971
URL
https://patchstack.com/database/vulnerability/educare/wordpress-educare-students-result-management-system-plugin-1-4-1-cross-site-request-forgery-csrf

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
NeginNrb
Verified
No
WPVDB ID
bd88884c-768f-4548-a942-ec28fb68cc68

Timeline

Publicly Published
2023-02-21 (about 3 years ago)
Added
2023-05-30 (about 2 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2024-05-07
Title
Joli FAQ SEO – WordPress FAQ Plugin < 1.3.3 - Cross-Site Request Forgery
Published
2025-04-01
Title
WP Profitshare <= 1.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-03
Title
Scratch & Win – Giveaways and Contests < 2.8.0 - Cross-Site Request Forgery via reset_installation Function
Published
2024-12-16
Title
SMS for WooCommerce < 2.8.1.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Published
2023-02-17
Title
Extensions For CF7 < 2.0.9 - Arbitrary Plugin Activation via CSRF