WordPress Plugin Vulnerabilities

DX-auto-save-images <= 1.4.0 - CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
dx-auto-save-images
No known fix

References

CVE
CVE-2023-40671

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
cbcc4f6f-3367-40b8-becc-1370dff34f65

Timeline

Publicly Published
2023-08-21 (about 8 months ago)
Added
2023-10-12 (about 7 months ago)
Last Updated
2023-10-12 (about 7 months ago)

Other

Published
Title
Published
2023-04-18
Title
BadgeOS <= 3.7.1.6 - CSRF
Published
2023-12-27
Title
GPT3 AI Content Writer < 1.8.13 - Cross-Site Request Forgery
Published
2022-03-08
Title
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
Published
2023-12-26
Title
Rise Blocks – A Complete Gutenberg Page Builder < 3.2 - Cross-Site Request Forgery
Published
2024-04-29
Title
SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Edit/Creation