WordPress WP Spell Check plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin WP Spell Check versions = 9.21...

PT-2024-19230 · WordPress · Wp Spell Check

Name of the Vulnerable Software and Affected Versions: WP Spell Check versions prior to 9.18 Description: A Cross-Site Request Forgery CSRF issue has been identified. This allows an attacker to perform unintended actions on a user's behalf. Recommendations: For versions prior to 9.18, update to...

CVE-2022-2658

The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

Overview WordPress Plugin "WP Spell Check" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Takuya Yamaguchi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported these vulnerabilities...