WordPress Plugin Vulnerabilities

WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF

Description

The plugin does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
real-cookie-banner
Fixed in 2.14.2

References

CVE
CVE-2022-0445

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
d9f28255-0026-4c42-9e67-d17b618c2285

Timeline

Publicly Published
2022-02-07 (about 3 years ago)
Added
2022-02-07 (about 3 years ago)
Last Updated
2022-04-13 (about 3 years ago)

Other

Published
Title
Published
2024-03-25
Title
Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF
Published
2023-03-13
Title
Intrepidity <= 1.5.1 - File Upload and Option Update via CSRF
Published
2024-03-28
Title
WP SMS < 6.6.3 - Cross-Site Request Forgery
Published
2024-08-29
Title
GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery
Published
2025-02-07
Title
WP All Import Pro < 4.9.8 - Cross-Site Request Forgery to Imported Content Deletion