WordPress Plugin Vulnerabilities

Gwolle Guestbook <= 2.1.0 - Cross-Site Request Forgery (CSRF)

Description

The Gwolle Guestbook WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
gwolle-gb
Fixed in 2.1.1

References

URL
https://sumofpwn.nl/advisory/2016/gwolle_guestbook_mass_action_vulnerable_for_cross_site_request_forgery.html
URL
https://seclists.org/bugtraq/2017/Mar/4

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ee803a4d-d52b-42c2-9a59-29e4f1aee828

Timeline

Publicly Published
2017-03-01 (about 9 years ago)
Added
2017-03-02 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-04-22
Title
Royal Elementor Kit < 1.0.117 - Cross-Site Request Forgery to Notice Dismissal
Published
2024-12-12
Title
WP-Ban-User <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting
Published
2016-08-01
Title
ALO EasyMail Newsletter <= 2.9.2 - Cross-Site Request Forgery (CSRF)
Published
2024-06-05
Title
Pure Chat – Live Chat Plugin & More! < 2.23 - Cross-Site Request Forgery
Published
2023-02-28
Title
Real Estate 7 < 3.3.5 - Multiple CSRF