WordPress Plugin Vulnerabilities

All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery

Description

The plugin does not properly validate user requests, leading to a potential Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
all-bootstrap-blocks
Fixed in 1.3.7

References

CVE
CVE-2023-35047
URL
https://patchstack.com/database/vulnerability/all-bootstrap-blocks/wordpress-all-bootstrap-blocks-plugin-1-3-6-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
cfda78cb-cea7-41e1-bf02-7f981d67173e

Timeline

Publicly Published
2023-06-13 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2025-08-22
Title
Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion
Published
2025-10-02
Title
Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset
Published
2025-04-04
Title
Sidebar Manager Light <= 1.1.8 - Cross-Site Request Forgery
Published
2023-08-28
Title
Social Share Boost <= 4.5 - Plugin Settings Update via CSRF
Published
2025-01-06
Title
AI WP Writer < 3.8.4.5 - Cross-Site Request Forgery