WordPress Plugin Vulnerabilities

GetResponse < 5.5.21 - API Key Update via CSRF

Description

The plugin does not have CSRF check when updating the API key, which could allow attackers to make logged admins update it via a CSRF attack

Affects Plugins

Plugin icon
getresponse-integration
Fixed in 5.5.21

References

CVE
CVE-2022-35277

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Rasi Afeef
Verified
No
WPVDB ID
fcab4b40-f68a-49c8-a865-0716be97c635

Timeline

Publicly Published
2022-09-01 (about 3 years ago)
Added
2022-09-15 (about 3 years ago)
Last Updated
2022-09-15 (about 3 years ago)

Other

Published
Title
Published
2023-09-22
Title
Brands for WooCommerce < 3.8.2.3 - Cross-Site Request Forgery
Published
2025-05-16
Title
Import Export For WooCommerce <= 1.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2020-09-16
Title
WP Project Manager < 2.4.1 - Cross-Site Request Forgery
Published
2024-11-22
Title
WP-ISPConfig 3 <= 1.5.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-05-05
Title
AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion