WordPress Plugin Vulnerabilities

Remove CPT Base < 5.9 - CPT Deletion via CSRF

Description

The plugin does not have CSRF check in place when deleting the custom post type (CPT), allowing attackers to make a logged in admin do such action via a CSRF attack

Affects Plugins

Plugin icon
remove-cpt-base
Fixed in 5.9

References

CVE
CVE-2022-29431

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
BEE-K
Verified
No
WPVDB ID
dc65a65a-b588-4d7e-81c0-b72008d75379

Timeline

Publicly Published
2022-05-06 (about 3 years ago)
Added
2022-05-21 (about 3 years ago)
Last Updated
2023-02-14 (about 3 years ago)

Other

Published
Title
Published
2023-05-30
Title
Ultimate Member < 2.6.1 - Form Duplication via CSRF
Published
2016-04-12
Title
WordPress <= 4.4.2 - Script Compression Option CSRF
Published
2024-11-10
Title
JSP Store Locator <= 1.0 - Deletion via Missing CSRF
Published
2021-07-06
Title
WP HTML Mail < 3.0.8 - CSRF to XSS
Published
2024-04-24
Title
CM Tooltip Glossary < 4.3.0 - Settings Update via CSRF