WordPress Plugin Vulnerabilities

Rich Reviews <= 1.9.19 - Arbitrary Reviews Deletion via CSRF

Description

The plugin does not have CSRF in place when deleting reviews, w which could allow attackers to make a logged in admin delete them via a CSRF attack

Affects Plugins

Plugin icon
rich-reviews
No known fix

References

CVE
CVE-2021-36861

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
be86eb8b-3627-4580-a4b9-97ac8486e58c

Timeline

Publicly Published
2022-08-01 (about 3 years ago)
Added
2022-08-06 (about 3 years ago)
Last Updated
2023-07-31 (about 2 years ago)

Other

Published
Title
Published
2026-05-13
Title
LatePoint < 5.4.0 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route
Published
2025-03-24
Title
AlphaOmega Captcha & Anti-Spam Filter <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-09-14
Title
Rate my Post < 3.3.5 - Cross-Site Request Forgery
Published
2023-10-06
Title
Laposta Signup Basic < 1.4.2 - CSRF
Published
2025-02-03
Title
Quote Comments <= 3.0.0 - Stored XSS via CSRF