WordPress Plugin Vulnerabilities

A2 Optimized WP < 3.0.5 - Data Collection Toggle via CSRF

Description

The plugin does not have CSRF check in place when toggling its data Collection settings, which could allow attackers to make a logged in admin enabled/disable it via a CSRF attack

Affects Plugins

Plugin icon
a2-optimized-wp
Fixed in 3.0.5

References

CVE
CVE-2023-23711

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
Yes
WPVDB ID
d3891849-7a1e-4265-8cfa-c7ef78cd5533

Timeline

Publicly Published
2023-02-06 (about 3 years ago)
Added
2023-03-13 (about 3 years ago)
Last Updated
2023-03-13 (about 3 years ago)

Other

Published
Title
Published
2023-11-28
Title
Chat Bubble <= 2.4 - Settings Update via CSRF
Published
2025-09-03
Title
Tickera < 3.5.5.8 - Cross-Site Request Forgery
Published
2021-08-16
Title
Event Espresso 4 Decaf < 4.10.12 - Cross-Site Request Forgery
Published
2023-03-06
Title
clickfunnels <= 3.1.1 - Settings Update via CSRF
Published
2025-08-22
Title
Premmerce Brands for WooCommerce < 1.2.14 - Cross-Site Request Forgery