
Cross-Site Request Forgery (CSRF) vulnerability

Getting alerts that there is a security issue with 2.1.0?

WordPress Asgaros Forum plugin <= 2.1.0 – Cross-Site Request Forgery (CSRF) vulnerability

https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-1-0-cross-site-request-forgery-csrf-vulnerability?_a_id=110


I guess Thomas is already aware, but the plugin has even been temporarily removed by WordPress…
https://fr.wordpress.org/plugins/asgaros-forum/


Yes, same here

Category: PLUGIN

Versions-Affected: <= 2.1.0

Type: Cross Site Request Forgery

Severity: MEDIUM

Description: Cross-Site Request Forgery (CSRF) vulnerability discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress Asgaros Forum plugin (versions <= 2.1.0).


Did you ever find or create a fix for the CSRF issue? If so, can you share? Thanks.

Hello

This issue should be fully fixed. I still get complaints that the issue is still there, but I never got any additional details. Also, the plugin got a security audit from the WordPress team and I am not aware of any additional security issues.

If you want to support the development of Asgaros Forum, you can leave a good review or donate. Thank you very much!