WordPress Plugin Vulnerabilities

Zlick Paywall < 2.2.2 - CSRF Bypasses

Description

The plugin had CSRF logic flaws, which could allow attackers to bypass the CSRF in place, by either providing a dummy nonce, or no nonce at all in the requests (depending on the affected method)

Affects Plugins

zlick-paywall

Fixed in version 2.2.2

References

URL

https://plugins.trac.wordpress.org/changeset/2527150/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

c13a0932-ec35-414a-af4b-8115281b5590

Timeline

Publicly Published

2021-05-08 (about 2 years ago)

Added

2021-05-08 (about 2 years ago)

Last Updated

2021-05-08 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin