WordPress Plugin Vulnerabilities

Optimize Database after Deleting Revisions < 5.1.1 - Database Optimization via CSRF

Description

The plugin does not have CSRF check when starting the database optimization process, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
rvg-optimize-database
Fixed in 5.1.1

References

CVE
CVE-2023-25980

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
e90d9aae-a56c-4704-9cdf-a48b9a4dd919

Timeline

Publicly Published
2023-07-26 (about 2 years ago)
Added
2023-10-09 (about 2 years ago)
Last Updated
2024-01-30 (about 2 years ago)

Other

Published
Title
Published
2026-04-21
Title
Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form
Published
2025-04-24
Title
Related Posts via Taxonomies <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-05-07
Title
Squelch Tabs and Accordions Shortcodes < 0.4.8 - Cross-Site Request Forgery
Published
2025-09-09
Title
Maspik < 2.5.7 - Cross-Site Request Forgery
Published
2024-04-15
Title
Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion