Description
WordPress Plugin Simba Plugin Updates Manager is prone to multiple cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Simba Plugin Updates Manager version 1.6.16 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.6.17 or latest
References
Related Vulnerabilities
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)
WordPress Plugin Export Users With Meta SQL Injection (0.6.4)
Envoy Proxy Use After Free Vulnerability (CVE-2022-29227)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)
IBM RTC Incorrect Authorization Vulnerability (CVE-2017-1700)