cleantalk
Vulnerabilities and Security Researches

Simple Author Box, 8b7aa1417907f5ca7f22def8e70e2d23e5295ddf

CVE, Research URL

8b7aa1417907f5ca7f22def8e70e2d23e5295ddf

Home page URL

Security reports for Simple Author Box

Application

Simple Author Box

Published on
Mar 28, 2023
Research Description
Simple Author Box [simple-author-box] < 2.51 Simple Author Box <= 2.50 - Cross-Site Request Forgery via save_user_profile The Simple Author Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.50. This is due to missing or incorrect nonce validation on the save_user_profile function. This makes it possible for unauthenticated attackers to edit user profile settings of other users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.51.
Status
vulnerable
Previous vulnerability researches
Simple Author Box , Mar 30, 2026
Simple Author Box (CVE-2023-3601) , Jun 07, 2024
Simple Author Box (8b7aa1417907f5ca7f22def8e70e2d23e5295ddf) , Jun 07, 2024
New vulnerability
File Manager Pro &#8211; Filester , Mar 30, 2026
Simple Author Box , Mar 30, 2026
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery , Mar 30, 2026
Speed Optimizer &#8211; The All-In-One WordPress Performance-Boosting Plugin , Mar 30, 2026
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026