Best Restaurant Menu by PriceListo < 1.4.0 – Settings Update via CSRF | CVE 2023-47649

Affects Plugins

Fixed in 1.4.0

References

CVE

CVE-2023-47649

URL

https://patchstack.com/database/vulnerability/best-restaurant-menu-by-pricelisto/wordpress-best-restaurant-menu-by-pricelisto-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Skalucy

Verified

No

WPVDB ID

e963d8f6-22c3-42a7-834d-9d6b596de2e1

Timeline

Publicly Published

2023-11-07 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-03-21 (about 1 year ago)

Other

Published

Title

Published

2024-10-14

Title

Linked Variation for WooCommerce < 2.0.0 - CSRF

Published

2023-10-31

Title

GiveWP < 2.33.4 - Cross-Site Request Forgery to plugin deactivation

Published

2023-11-02

Title

WP Google My Business Auto Publish < 3.8 - Multiple CSRF

Published

2022-09-30

Title

Media Library Folders < 7.1.2 - Plugin Reset via CSRF

Published

2025-11-10

Title

CTL Arcade Lite <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation