WordPress Plugin Vulnerabilities

YourChannel < 1.2.5 - Multiple CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins to reset and change the plugin's quick language translation, general and channel settings via CSRF attacks

Affects Plugins

Plugin icon
yourchannel
Fixed in 1.2.5

References

CVE
CVE-2023-1871
CVE
CVE-2023-1870
CVE
CVE-2023-1867
CVE
CVE-2023-1866

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
74c63b04-921f-4702-b46f-36752ee0de3d

Timeline

Publicly Published
2023-04-05 (about 1 years ago)
Added
2023-04-05 (about 1 years ago)
Last Updated
2023-04-20 (about 1 years ago)

Other

Published
Title
Published
2021-12-09
Title
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF
Published
2021-07-12
Title
Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF
Published
2021-10-28
Title
URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF
Published
2022-09-30
Title
WZone - Lite <= 3.1 - CSRF
Published
2021-09-04
Title
Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF