WordPress Plugin Vulnerabilities

AWP Classifieds < 4.3.1 - Categories Mgt via CSRF

Description

The plugin does not have CSRF checks when managing categories (such as deleting, updating etc), which could allow attackers to make logged in admins perform such actions via CSRF attacks

Affects Plugins

Plugin icon
another-wordpress-classifieds-plugin
Fixed in 4.3.1

References

CVE
CVE-2023-41801

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
f4f781ca-8386-44e4-b740-6763e0365fab

Timeline

Publicly Published
2023-09-05 (about 2 years ago)
Added
2023-10-10 (about 2 years ago)
Last Updated
2023-10-10 (about 2 years ago)

Other

Published
Title
Published
2024-11-13
Title
WP Popup Window Maker <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-03-27
Title
wpShopGermany IT-RECHT KANZLEI < 2.1 - Cross-Site Request Forgery
Published
2021-04-30
Title
Download Manager < 3.1.22 - Plugin Settings Change via CSRF
Published
2024-07-01
Title
pz-frontend-manager < 1.0.6 - CSRF change user profile picture
Published
2024-12-24
Title
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages < 3.2.8 - Cross-Site Request Forgery