WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Site Offline < 1.4.4 - Multiple Cross-Site Request Forgery

Description

The lack of CSRF checks could allow attackers to make a logged administrator change some of the plugin's settings.

Affects Plugins

site-offline
Fixed in version 1.4.4

References

CVE
CVE-2020-35773
URL
https://plugins.trac.wordpress.org/changeset/2445009

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified

No

WPVDB ID
c3184fa1-0cf5-4cf7-b3c1-b8ab1d5473e6

Timeline

Publicly Published

2020-12-29 (about 2 years ago)

Added

2020-12-29 (about 2 years ago)

Last Updated

2020-12-30 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin