WordPress Plugin Vulnerabilities

ShiftController Employee Shift Scheduling < 4.9.24 - CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
shiftcontroller
Fixed in 4.9.24

References

CVE
CVE-2023-29425

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Elliot
Verified
No
WPVDB ID
98f6f287-a18c-4115-af56-a8639c99b381

Timeline

Publicly Published
2023-11-12 (about 6 months ago)
Added
2023-11-12 (about 6 months ago)
Last Updated
2023-11-12 (about 6 months ago)

Other

Published
Title
Published
2023-11-20
Title
Analytify Dashboard < 5.2.0 - Cross-Site Request Forgery
Published
2023-07-10
Title
HT Feed < 1.2.8 - Cross-Site Request Forgery
Published
2022-05-23
Title
Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF
Published
2022-09-30
Title
OSM <= 6.0.2 - CSRF
Published
2023-06-13
Title
All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery