WordPress Plugin Vulnerabilities

Easy Social Icons < 3.2.1 - Unauthenticated Arbitrary Icon Deletion

Description

The plugin does not have authorisation and CSRF checks when deleting icons, allowing unauthenticated user to delete arbitrary icons

Proof of Concept

Affects Plugins

Plugin icon
easy-social-icons
Fixed in 3.2.1

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Jan w Oleju
Submitter
Jan w Oleju
Verified
Yes
WPVDB ID
e34deaa8-3848-48ae-800b-d50c88693727

Timeline

Publicly Published
2022-03-21 (about 3 years ago)
Added
2022-03-21 (about 3 years ago)
Last Updated
2022-03-21 (about 3 years ago)

Other

Published
Title
Published
2023-09-05
Title
WP Crowdfunding < 2.1.5 - Missing Authorization via settings_reset
Published
2023-10-25
Title
YITH WooCommerce Product Add-Ons < 4.2.1 - Missing Authorization
Published
2024-09-25
Title
Sunshine Photo Cart < 3.2.9 - Missing Authorization
Published
2024-08-02
Title
File Manager Pro – Filester < 1.8.3 - Authenticated Plugin Settings Update
Published
2024-03-28
Title
BEAR < 1.1.4.4 - Missing Authorization