WordPress Plugin Vulnerabilities

AutomateWoo < 5.7.6 - Cross-Site Request Forgery

Description

The plugin does not properly validate user input with nonces, resulting in a potential Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
automatewoo
Fixed in 5.7.6

References

CVE
CVE-2023-36513
URL
https://patchstack.com/database/vulnerability/automatewoo/wordpress-automatewoo-plugin-5-7-5-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
d07c55ad-d7bb-4bf1-88a6-b0be585e8c13

Timeline

Publicly Published
2023-06-26 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2024-02-09
Title
Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer
Published
2023-01-10
Title
Royal Elementor Addons < 1.3.60 - Menu Template Creation via CSRF
Published
2023-02-21
Title
WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF
Published
2016-08-08
Title
Add From Server < 3.3.2 - Cross-Site Request Forgery (CSRF)
Published
2026-01-23
Title
ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update