cleantalk
Vulnerabilities and Security Researches

Amministrazione Trasparente, CVE-2021-4398

CVE, Research URL

CVE-2021-4398

Home page URL

Security reports for Amministrazione Trasparente

Application

Amministrazione Trasparente

Published on
Jul 01, 2023
Research Description
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 7.1.1.
Status
vulnerable
Previous vulnerability researches
Amministrazione Trasparente (CVE-2025-5083) , Sep 01, 2025
Amministrazione Trasparente (a398b4e89f572011714fb298ebff770571e7e08f) , Jun 07, 2024
Amministrazione Trasparente (CVE-2021-4398) , Jun 07, 2024
Amministrazione Trasparente (CVE-2021-4342) , Jun 07, 2024
Amministrazione Trasparente (CVE-2023-45758) , Jun 07, 2024
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2025-9500) , Sep 02, 2025
Chatbox Manager (CVE-2025-58211) , Sep 02, 2025
WooCommerce Payment Gateway for Saferpay (CVE-2025-48317) , Sep 02, 2025
iATS Online Forms (CVE-2025-9441) , Sep 02, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-53328) , Sep 02, 2025