Post Video Players < 1.160 – Settings Update via CSRF | CVE 2024-23515

Affects Plugins

Fixed in 1.160

References

CVE

CVE-2024-23515

URL

https://patchstack.com/database/vulnerability/video-playlist-and-gallery-plugin/wordpress-cincopa-video-and-media-plugin-1-158-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Skalucy

Verified

No

WPVDB ID

cbf88170-8080-49e2-a120-180519a917b2

Timeline

Publicly Published

2024-01-30 (about 2 years ago)

Added

2024-02-05 (about 2 years ago)

Last Updated

2024-03-18 (about 2 years ago)

Other

Published

Title

Published

2024-07-19

Title

WP GoToWebinar < 15.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-12-05

Title

LiveChat < 4.5.16 - Cross-Site Request Forgery

Published

2023-07-07

Title

WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery

Published

2023-10-16

Title

AMP WP <= 1.5.15 - Arbitrary Settings Update via CSRF

Published

2025-06-27

Title

WP Permalink Translator <= 1.7.6 - Cross-Site Request Forgery