WordPress Plugin Vulnerabilities

Really Simple Google Tag Manager < 1.0.7 - Arbitrary Plugin Activation via CSRF

Description

The plugin does not have CSRF checks when activating plugins, which could allow attackers to make logged in users perform such action via a CSRF attack

Affects Plugins

Plugin icon
really-simple-google-tag-manager
Fixed in 1.0.7

References

CVE
CVE-2023-23801

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
e21683ee-7dc4-46d0-ad30-b8bb7b0eb6f3

Timeline

Publicly Published
2023-03-31 (about 3 years ago)
Added
2023-04-06 (about 3 years ago)
Last Updated
2023-04-06 (about 3 years ago)

Other

Published
Title
Published
2026-02-13
Title
WP Quick Contact Us <= 1.0 - Cross-Site Request Forgery to Settings Update
Published
2024-12-12
Title
phZoom <= 1.2.92 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-04-19
Title
Gallery Metabox <= 1.5 - Gallery Removal via CSRF
Published
2025-06-05
Title
Konami Easter Egg <= v0.4 - Cross-Site Request Forgery
Published
2024-01-08
Title
Droit Elementor Addons <= 3.1.5 - Cross-Site Request Forgery