WordPress Plugin Vulnerabilities

Depicter Slider < 2.0.7 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
depicter
Fixed in 2.0.7

References

CVE
CVE-2023-6493
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c907ea-3ab4-4674-8945-ade4f6ff2679

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Verified
No
WPVDB ID
c4c3c259-152f-4f08-b675-3853fab3092e

Timeline

Publicly Published
2024-01-04 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-05 (about 2 years ago)

Other

Published
Title
Published
2025-04-17
Title
Redirect wordpress to welcome or landing page <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-01-09
Title
Stock Manager for WooCommerce < 3.6.0 - Cross-Site Request Forgery
Published
2022-05-09
Title
JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
Published
2025-04-04
Title
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms < 1.1.4 - Cross-Site Request Forgery
Published
2023-11-14
Title
Welcart e-Commerce < 2.9.5 - Cross-Site Request Forgery