cleantalk
Vulnerabilities and Security Researches

DoFollow Case by Case, 1e9b7bb5c1a7b77c71d65b1f71e15754e7feb042

CVE, Research URL

1e9b7bb5c1a7b77c71d65b1f71e15754e7feb042

Home page URL

Security reports for DoFollow Case by Case

Application

DoFollow Case by Case

Published on
Sep 22, 2023
Research Description
DoFollow Case by Case [dofollow-case-by-case] < 3.5.0 DoFollow Case by Case <= 3.4.2 Cross-Site Request Forgery via getEmail and getUrl The DoFollow Case by Case plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the 'getEmail' and 'getUrl' functions. This makes it possible for unauthenticated attackers to add emails and URLs to the plugin's allowlist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 3.5.0.
Status
vulnerable
Previous vulnerability researches
DoFollow Case by Case (CVE-2023-49197) , Jun 07, 2024
DoFollow Case by Case (1e9b7bb5c1a7b77c71d65b1f71e15754e7feb042) , Jun 07, 2024
DoFollow Case by Case (CVE-2025-47625) , May 09, 2025
DoFollow Case by Case (CVE-2025-47624) , May 09, 2025
New vulnerability
1 Click WordPress Migration Plugin &#8211; 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025
WordPress CRM, Email &amp; Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
Top 10 &#8211; WordPress Popular posts by WebberZone (CVE-2025-47509) , May 09, 2025