WordPress Remove CPT base plugin <= 5.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion
Vulnerable versions
<= 5.8
PSID
ad7b82c29ea8
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Required privilege
Publicly disclosed
2022-05-06
Patchstack vPatch available since
09.12.2021
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion discovered by Ex.Mi (Patchstack) in WordPress Remove CPT base plugin (versions <= 5.8).
Solution
Update the WordPress Remove CPT base plugin to the latest available version (at least 5.9).
References
CVE-2022-29431
Plugin changelog