WordPress Plugin Vulnerabilities

Ahmeti Wp Güzel Sözler <= 4.0 - Cross-Site Request Forgery

Description

The Ahmeti Wp Güzel Sözler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.

Affects Plugins

Plugin icon
ahmeti-wp-guzel-sozler
No known fix

References

CVE
CVE-2024-53707
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b854d8ba-2dc4-45f7-8128-8d2737fbb7d4

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
eccf42cd-8790-4e06-a50c-24bf9f872d8f

Timeline

Publicly Published
2024-11-22 (about 1 year ago)
Added
2024-11-26 (about 1 year ago)
Last Updated
2024-11-26 (about 1 year ago)

Other

Published
Title
Published
2023-05-18
Title
Performance Lab < 2.3.0 - CSRF
Published
2022-09-29
Title
Profile Builder < 3.6.1 - Settings Import via CSRF
Published
2026-01-10
Title
Copyscape Premium < 1.4.2 - Cross-Site Request Forgery
Published
2024-01-03
Title
My Sticky Bar < 2.6.7 - CSV Export via CSRF to Sensitive Information Disclosure
Published
2024-07-06
Title
Ultimate Auction < 4.2.6 - Cross-Site Request Forgery