WordPress Plugin Vulnerabilities

DH - Anti AdBlocker < 37 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
dh-anti-adblocker
Fixed in 37

References

CVE
CVE-2022-47162

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
rezaduty
Verified
No
WPVDB ID
f00bc5ea-b5e6-42ec-a496-e98f280887d3

Timeline

Publicly Published
2023-01-27 (about 3 years ago)
Added
2023-03-14 (about 3 years ago)
Last Updated
2023-03-14 (about 3 years ago)

Other

Published
Title
Published
2025-11-17
Title
Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery
Published
2024-06-28
Title
Coachify < 1.0.8 - Cross-Site Request Forgery to Notice Dismissal
Published
2024-01-04
Title
Depicter Slider < 2.0.7 - Settings Update via CSRF
Published
2024-04-11
Title
Finale Lite < 2.18.1 - Cross-Site Request Forgery
Published
2015-09-01
Title
WatuPRO < 4.9.0.8 - Cross-Site Request Forgery (CSRF)