WordPress Plugin Vulnerabilities

Access Demo Importer < 1.0.8 - Data Reset via CSRF

Description

The plugin does not have CSRF check in place which could allow an attacker to make a logged in admin reset the data of post/page/media

Affects Plugins

Plugin icon
access-demo-importer
Fixed in 1.0.8

References

CVE
CVE-2022-23976

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.1 (high)

Miscellaneous

Original Researcher
Ex.Mi
Verified
Yes
WPVDB ID
fd38b94c-cde8-448f-9d7b-f8272e5a8ba0

Timeline

Publicly Published
2022-01-24 (about 4 years ago)
Added
2022-04-18 (about 4 years ago)
Last Updated
2022-04-19 (about 4 years ago)

Other

Published
Title
Published
2024-06-21
Title
UberMenu < 3.8.4 - Cross-Site Request Forgery to Settings Reset
Published
2024-02-26
Title
Categorify < 1.0.7.5 - Cross-Site Request Forgery via categorifyAjaxClearCategory
Published
2025-03-31
Title
Elfsight Testimonials Slider <= 1.0.1 - Cross-Site Request Forgery to Settings Update
Published
2025-02-04
Title
Cross-Site Request Forgery < 1.2.5 - Cross-Site Request Forgery
Published
2025-12-31
Title
Mergado Pack <= 4.2.0 - Cross-Site Request Forgery