WPAdmin AWS CDN < 3.0.0 – Cross-Site Request Forgery | CVE 2023-37889

Affects Plugins

Fixed in 3.0.0

References

CVE

CVE-2023-37889

URL

https://patchstack.com/database/vulnerability/aws-cdn-by-wpadmin/wordpress-wpadmin-aws-cdn-plugin-2-0-13-cross-site-request-forgery-csrf

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Mika

Verified

No

WPVDB ID

c19bf203-21e0-4029-ab10-c590bb8edbec

Timeline

Publicly Published

2023-07-11 (about 2 years ago)

Added

2023-07-18 (about 2 years ago)

Last Updated

2023-08-10 (about 2 years ago)

Other

Published

Title

Published

2025-09-26

Title

W3SCloud Contact Form 7 to Zoho CRM <= 3.0 - Cross-Site Request Forgery

Published

2025-11-12

Title

Online Booking & Scheduling Calendar for WordPress by vcita < 4.6.0 - Cross-Site Request Forgery

Published

2025-01-16

Title

Add RSS <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2024-05-27

Title

Integration for Contact Form 7 and Constant Contact < 1.1.6 - CSRF

Published

2024-12-12

Title

Simple Booking Widget <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting