WordPress Plugin Vulnerabilities

Category Specific RSS feed Subscription < 2.2 - Settings Update via CSRF

Description

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
category-specific-rss-feed-menu
Fixed in 2.2

References

CVE
CVE-2023-22691

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
Yes
WPVDB ID
e12c3828-ab07-4309-992c-7655f1836cd2

Timeline

Publicly Published
2023-01-20 (about 3 years ago)
Added
2023-05-04 (about 3 years ago)
Last Updated
2023-05-04 (about 3 years ago)

Other

Published
Title
Published
2022-05-18
Title
HC Custom WP-Admin URL <= 1.4 - Unauthenticated Arbitrary Settings Update via CSRF
Published
2025-09-22
Title
NIX Anti-Spam Light <= 0.0.4 - Cross-Site Request Forgery
Published
2025-09-05
Title
Auto Last Youtube Video <= 1.0.7 - Cross-Site Request Forgery
Published
2025-03-28
Title
Terms of Use <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-09-22
Title
Grid < 2.3.2 - Cross-Site Request Forgery