WordPress Plugin Vulnerabilities

Auto Prune Posts < 2.0.0 - Post Deletion Settings Update via CSRF

Description

The plugin does not have CSRF check when updating its Post deletion settings, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
auto-prune-posts
Fixed in 2.0.0

References

CVE
CVE-2023-27423

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
c0d85fd8-a5a8-41f3-8506-e2b7a887bf0c

Timeline

Publicly Published
2023-03-10 (about 3 years ago)
Added
2023-05-18 (about 2 years ago)
Last Updated
2023-05-18 (about 2 years ago)

Other

Published
Title
Published
2023-11-27
Title
teachPress < 9.0.5 - Cross-Site Request Forgery
Published
2024-07-05
Title
Master Slider < 3.10.0 - CSRF to slider deletion
Published
2025-06-05
Title
Market Exporter < 2.0.23 - Cross-Site Request Forgery
Published
2025-08-22
Title
Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery
Published
2022-07-22
Title
Stockists Manager for Woocommerce <= 1.0.2.1 - Stored Cross-Site Scripting via CSRF