WP Revisions Manager <= 1.0.2 – Cross-Site Request Forgery | CVE 2024-53761 | Plugin Vulnerabilities

Description

The WP Revisions Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/96a5db79-a88d-4c1f-9da4-6dd3120ff85e

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Marek Mikita

Verified

No

WPVDB ID

c73a0638-3238-4e5d-babf-4ef5e17d96e3

Timeline

Publicly Published

2024-11-28 (about 1 year ago)

Added

2024-12-05 (about 1 year ago)

Last Updated

2024-12-05 (about 1 year ago)

Other

Published

Title

Published

2021-12-09

Title

Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF

Published

2024-06-05

Title

Muslim Prayer Time BD < 2.5 - Settings Reset via CSRF

Published

2023-03-16

Title

Import External Images <= 1.4 - CSRF

Published

2024-05-03

Title

Stop Spammers Security | Block Spam Users, Comments, Forms < 2024.5 - Cross-Site Request Forgery (CSRF) via sfs_process

Published

2023-06-02

Title

Online Booking & Scheduling Calendar for WordPress by vcita < 4.5.2 - Denial of Service via CSRF