WordPress Plugin Vulnerabilities

Site Offline < 1.4.4 - Multiple Cross-Site Request Forgery

Description

The lack of CSRF checks could allow attackers to make a logged administrator change some of the plugin's settings.

Affects Plugins

Plugin icon
site-offline
Fixed in 1.4.4

References

CVE
CVE-2020-35773
URL
https://plugins.trac.wordpress.org/changeset/2445009

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
c3184fa1-0cf5-4cf7-b3c1-b8ab1d5473e6

Timeline

Publicly Published
2020-12-29 (about 5 years ago)
Added
2020-12-29 (about 5 years ago)
Last Updated
2020-12-30 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Acunetix WP Security 4.0.3 - /wp-admin/admin.php wps-database Page Backup Generation CSRF Weakness
Published
2022-12-01
Title
Advanced Booking Calendar <= 1.7.1 - CSRF
Published
2022-11-28
Title
Manage Notification E-mails < 1.8.3 - Settings Reset via CSRF
Published
2023-03-10
Title
GiveWP < 2.25.2 - Cross-Site Request Forgery
Published
2024-03-01
Title
Complianz – GDPR/CCPA Cookie Consent < 7.0.0 - Cross-Site Request Forgery to Data Request Deletion