WordPress Plugin Vulnerabilities

WP Tiles <= 1.1.2 - Cross-Site Request Forgery

Description

The plugin does not properly validate and verify requests use nonces, leading to a Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
wp-tiles
No known fix

References

CVE
CVE-2023-25482
URL
https://patchstack.com/database/vulnerability/wp-tiles/wordpress-wp-tiles-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
d2caf573-3ea0-4078-b767-939a66cfb5a9

Timeline

Publicly Published
2023-05-24 (about 11 months ago)
Added
2023-07-18 (about 9 months ago)
Last Updated
2023-07-18 (about 9 months ago)

Other

Published
Title
Published
2024-04-10
Title
Inline Related Posts < 3.4.0 - Tracking Toggle via CSRF
Published
2023-01-27
Title
Uncanny Toolkit for LearnDash < 3.6.4.2 - Cross-Site Request Forgery (CSRF)
Published
2024-05-25
Title
Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery
Published
2014-12-18
Title
Twimp WP <= 0.1 - Multiple CSRF
Published
2023-10-03
Title
POEditor < 0.9.5 - CSRF