WordPress Plugin Vulnerabilities

Metronet Tag Manager < 1.2.9 - Cross-Site Request Forgery (CSRF)

Description

The Metronet Tag Manager WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
metronet-tag-manager
Fixed in 1.2.9

References

URL
https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/
URL
https://plugins.trac.wordpress.org/changeset/1863885/metronet-tag-manager
URL
https://seclists.org/fulldisclosure/2018/May/36

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
c413242f-f59c-4790-8fbb-7048f4a5ea08

Timeline

Publicly Published
2018-05-15 (about 8 years ago)
Added
2018-05-16 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2022-12-23
Title
Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery
Published
2022-05-18
Title
Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF
Published
2025-01-16
Title
Wp-Scribd-List <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2014-08-01
Title
Sahifa 2.4.0 - Site Setting Reset CSRF
Published
2025-05-07
Title
Smaily for WP <= 3.1.6 - Cross-Site Request Forgery