WordPress Plugin Vulnerabilities

Easy Hide Login < 1.0.9 - Arbitrary settings update via CSRF

Description

\The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
easy-hide-login
Fixed in 1.0.9

References

CVE
CVE-2023-31075

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
konagash
Verified
No
WPVDB ID
d6afb830-1af9-4e43-80ac-ec3c5001b734

Timeline

Publicly Published
2023-05-09 (about 3 years ago)
Added
2023-11-21 (about 2 years ago)
Last Updated
2023-11-21 (about 2 years ago)

Other

Published
Title
Published
2024-01-08
Title
Droit Elementor Addons <= 3.1.5 - Cross-Site Request Forgery
Published
2023-02-21
Title
Advanced Database Cleaner <= 3.1.1 - Settings Update via CSRF
Published
2023-05-09
Title
CM On Demand Search And Replace < 1.3.1 - Multiple CSRF
Published
2026-03-06
Title
Font Pairing Preview For Landing Pages <= 1.3 - Cross-Site Request Forgery to Settings Update
Published
2025-04-17
Title
Revision Diet <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting