WordPress Plugin Vulnerabilities

Lazy Load for Videos < 2.18.3 - Arbitrary Settings Update via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
lazy-load-for-videos
Fixed in 2.18.3

References

CVE
CVE-2023-45656

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
611b80b6-1f7d-4e14-9730-baec0e30f94a

Timeline

Publicly Published
2023-10-16 (about 7 months ago)
Added
2023-10-17 (about 7 months ago)
Last Updated
2024-01-26 (about 3 months ago)

Other

Published
Title
Published
2020-12-15
Title
Redux Framework 4.1.22 - 4.1.23 - CSRF Nonce Validation Bypass
Published
2021-10-18
Title
MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF
Published
2023-05-24
Title
Flickr Justified Gallery <= 3.5 - Cross-Site Request Forgery
Published
2023-11-06
Title
Code Snippets < 3.6.0 - Arbitrary settings change via CSRF
Published
2023-09-29
Title
CopyRightPro <= 2.1 - Settings Update via CSRF