WordPress Plugin Vulnerabilities

copy-me 1.0.0 - Copy Posts Cross-Site Request Forgery (CSRF)

Description

The copy-me WordPress plugin was affected by a Copy Posts Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
copy-me
No known fix

References

CVE
CVE-2016-10938
URL
https://advisories.dxw.com/advisories/copy-me-vulnerable-to-csrf-allowing-unauthenticated-attacker-to-copy-posts/
URL
https://seclists.org/fulldisclosure/2016/Dec/73

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.5 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
cd64895d-0da1-4f08-a2c8-daaac5e402b0

Timeline

Publicly Published
2016-12-21 (about 9 years ago)
Added
2016-12-22 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-12-27
Title
Spam protection, AntiSpam, FireWall by CleanTalk < 6.21 - Counters Reset/Creation via CSRF
Published
2023-12-28
Title
Republish Old Posts < 1.27 - Cross-Site Request Forgery via rop_options_page
Published
2016-02-10
Title
Duplicator <= 1.1.3 - Cross-Site Request Forgery (CSRF)
Published
2018-09-17
Title
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
Published
2025-04-09
Title
Essential Breadcrumbs <= 1.1.1 - Cross-Site Request Forgery to Privilege Escalation