cleantalk
Vulnerabilities and Security Researches

Companion Auto Update, 4ed0f911f8fcd2b401511da7c4879e693fff1d89

CVE, Research URL

4ed0f911f8fcd2b401511da7c4879e693fff1d89

Home page URL

Security reports for Companion Auto Update

Application

Companion Auto Update

Published on
Jun 01, 2017
Research Description
Companion Auto Update [companion-auto-update] < 2.9.4 WordPress Companion Auto Update plugin <=2.9.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities WordPress Companion Auto Update plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerability. The CSRF occurs when you try to change the plugin’s settings. There's no nonce to validate the request. The XSS vulnerability appears for "Email address" input field, the output is not escaped. Update the plugin.
Affected versions
max 2.9.4.
Status
vulnerable
Previous vulnerability researches
Elizaibots (CVE-2025-49893) , Aug 20, 2025
Elizaibots (abcf8d2a13b3fd2324a04f9724e5ac9347743677) , Jun 16, 2026
New vulnerability
Easy Author Image (e39ff5bac8425a66fc0c9b6562b747b859114b0b) , Jun 16, 2026
Easy Author Image (93248c06-a3ef-4085-be4d-56a6f6f143ab) , Jun 16, 2026
Wise Chat (845591d4-a8e4-4c50-985c-b997d16d2d7b) , Jun 16, 2026
Wise Chat (031ccbd4f69214229e273865922401b6adf804b4) , Jun 16, 2026
Wise Chat (e52da4e8c6796a3d9b3f302ab5bdf78960cb7797) , Jun 16, 2026