This issue has been fixed in version 2.6.10. Before installing this plugin, you should make sure your site does not use a file manager that allows uploading files. If you are certain your site does not use a file manager, you can safely install the Frontend File Manager plugin.

Unarchived RSS Feeds Plugin before 1.1.2 performs incorrect CSRF validation, which could allow remote attackers to hijack the add feeds page via a crafted request to the plugin’s RSS feed.

Redirect Redirect Plugin v2.0 has CSRF issues, which could allow remote attackers to hijack the settings page.

WP-DisableViewtags v2.0.2 does not have CSRF protection, which could allow attackers to perform clickjacking attacks.

WP-Full Redirect v3.3 has CSRF issues, which could allow remote attackers to hijack the settings page.

WP v3.6.1 has a CSRF issue, which could allow remote attackers to hijack the settings page.

WP v3.6.2 has a Cross-site request forgery (CSRF) issue via the Viewtags settings page, which could allow attackers to hijack the settings page.

WP v3.6.3 has a Cross-site request forgery (CSRF) issue via the Viewtags settings page, which could allow attackers to hijack the settings page.

Other notes

- CVE-2022-3126: This issue has been fixed in version 2.6.10. Before installing this plugin, you should make sure your site does not use a file manager that allows uploading files. If you are certain your site does not use a file manager, you can safely install the Frontend File Manager plugin.

Timeline

Published on: 10/17/2022 12:15:00 UTC
Last modified on: 10/21/2022 16:13:00 UTC

References