WordPress Plugin Vulnerabilities
UpdraftPlus < 1.23.4 - CSRF
Description
The plugin does not have CSRF check in the action_authenticate_storage, which could allow attackers to make logged in admins inject JavaScript into a parameter in the authentication process via a CSRF attack when they can trick an admin to perform multiple actions including re-authenticating a connection to a storage.
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-05-18 (about 1 years ago)
Added
2023-06-22 (about 1 years ago)
Last Updated
2023-06-22 (about 1 years ago)