WordPress Widgets Reset plugin <= 0.1 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Widgets Reset versions = 0.1...

CVE-2024-8082

The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-8082

The Widgets Reset WordPress plugin (versions ≤ 0.1) contains a CSRF flaw in the settings update path caused by missing CSRF protection. This could enable a logged-in administrator to alter settings via a CSRF attack. Public materials identify the affected version, but none provide a confirmed pat...

PT-2025-21510 · WordPress · Widgets Reset

Name of the Vulnerable Software and Affected Versions: Widgets Reset WordPress plugin versions 0.1 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For...