WordPress Plugin Vulnerabilities

Exclusive Addons Elementor < 2.6.2 - Arbitrary Uninstall Reason Feedback via CSRF

Description

The plugin does not have CSRF check when sending the uninstall reason as feedback, which could allow attackers to make logged in users perform such action via a CSRF attack

Affects Plugins

Plugin icon
exclusive-addons-for-elementor
Fixed in 2.6.2

References

CVE
CVE-2022-45067

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
c24871b7-0dbf-44c6-a43c-03b08d8481f6

Timeline

Publicly Published
2023-01-27 (about 3 years ago)
Added
2023-02-02 (about 3 years ago)
Last Updated
2023-02-02 (about 3 years ago)

Other

Published
Title
Published
2024-07-08
Title
Generate PDF using Contact Form 7 < 4.1.3 - Cross-Site Request Forgery to Arbitrary File Deletion
Published
2023-10-22
Title
Smooth Scroll Links <= 1.1.0 - Arbitrary Settings Update via CSRF
Published
2024-01-26
Title
Formidable Forms < 6.8 - CSRF to Stored Cross-Site Scripting
Published
2015-08-21
Title
WP Google Map Plugin < 2.3.10 - Multiple CSRF
Published
2023-12-07
Title
Caddy < 1.9.8 - Cross-Site Request Forgery