WordPress Plugin Vulnerabilities

Realbig < 1.0.7 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings as well as clear logs and cache, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
realbig-media
Fixed in 1.0.7

References

CVE
CVE-2023-41694
URL
https://patchstack.com/database/vulnerability/realbig-media/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
cabf9756-f7ab-4f92-8a6d-fe938b0ee91a

Timeline

Publicly Published
2023-09-04 (about 2 years ago)
Added
2023-10-11 (about 2 years ago)
Last Updated
2024-04-11 (about 2 years ago)

Other

Published
Title
Published
2024-06-28
Title
Preschool and Kindergarten < 1.2.2 - Cross-Site Request Forgery to Notice Dismissal
Published
2025-01-14
Title
Rocket Media Library Mime Type <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-11-11
Title
Seriously Simple Podcasting < 3.14.0 - Cross-Site Request Forgery
Published
2021-04-12
Title
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2025-12-30
Title
SearchAzon <= 1.4 - Cross-Site Request Forgery