Get a demo Acunetix Website Security Scanner Get a demo
  • Product
  • Why Acunetix?
    • Solutions
      • INDUSTRIES
        • IT & Telecom
        • Government
        • Financial Services
        • Education
        • Healthcare
      • ROLES
        • CTO & CISO
        • Engineering Manager
        • Security Engineer
        • DevSecOps
    • Case Studies
    • Customers
    • Testimonials
  • Pricing
  • About Us
    • Our story
    • In the news
    • Careers
    • Contact
  • Resources
    • Blog
    • Webinars
    • White papers
    • Buyer’s guide
    • Partners
    • Documentation
  • Get a demo
WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin ElasticPress Cross-Site Request Forgery (3.5.3)

Description

WordPress Plugin ElasticPress is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin ElasticPress version 3.5.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.5.4 or latest

References

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

https://github.com/10up/ElasticPress/commit/b5600b1fe78ec7d5d6f8644a71eb8510054bc8f2

https://plugins.svn.wordpress.org/elasticpress/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list CSV Injection (2.0.68)

OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2023-5678)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-40316)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5502)

WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)

Severity

High

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update CSRF

Take action and discover your vulnerabilities

Get a demo
Client: AWS
Client: Cognizant
Client: Garmin
Client: Airforce
Client: NASA
Client: American Express
Product Information
  • AcuSensor Technology
  • AcuMonitor Technology
  • Acunetix Integrations
  • Vulnerability Scanner
  • Support Plans
Use Cases
  • Penetration Testing Software
  • Website Security Scanner
  • External Vulnerability Scanner
  • Web Application Security
  • Vulnerability Management Software
Website Security
  • Cross-site Scripting
  • SQL Injection
  • Reflected XSS
  • CSRF Attacks
  • Directory Traversal
Learn More
  • White Papers
  • TLS Security
  • WordPress Security
  • Web Service Security
  • Prevent SQL Injection
Company
  • About Us
  • Customers
  • Become a Partner
  • Careers
  • Contact
Documentation
  • Case Studies
  • Documentation
  • Videos
  • Vulnerability Index
  • Webinars
  • Login
  • Invicti Subscription Services Agreement
  • Privacy Policy
  • Terms of Use
  • Sitemap
  • Find us on Facebook
  • Follow us on Twiter
  • Follow us on LinkedIn

© Acunetix 2025, by Invicti