thanks

a. Disable HTTP compression.
b. Separate secrets from user input.
c. Randomize secrets per request.
d. Mask secrets (effective randomization using XORing with one random secret per request).
e. Apply protection to vulnerable pages with CSRF.
f. Hide length by adding a random number of bytes to responses.
g. Limit requests.

“WordPress Clearfy Cache plugin <= 2.2.3 – Cross Site Request Forgery (CSRF) vulnerability found in version(s) <= 2.2.3.”
Thank you

Patchstack has detected on 13 May 2024 this security vulnerability in your plugin:
Clearfy Cache <= 2.2.1
This is the security vulnerability that was discovered by Patchstack:
Cross Site Request Forgery (CSRF)
This is the Patchstack link where you can check the security vulnerability report:
https://patchstack.com/database/vulnerability/clearfy/wordpress-clearfy-cache-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=app
I ask you to kindly resolve this problem relating to the security of your Clearfy Cache plugin as soon as possible, thank you.
I look forward to your response and thank you in advance for your support.

Has this plugin been discontinued?
According to the WordPress Vulnerability Report Clearfy is infected with a Cross Site Request Forgery (CSRF) and there are no updates.
It’s already the 2nd report that points out this problem, so I had to uninstall the plugin, but I was waiting for an update.

“WordPress Simple Share Buttons Adder plugin <= 8.5.0 – Cross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Simple Share Buttons Adder (versions <= 8.5.0)
Date: 19.04.2023 | Source: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-share-buttons-adder/simple-share-buttons-adder-846-cross-site-request-forgery ”
I am using version 8.5.0
Maybe this is a faulty alert?

No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
https://patchstack.com/database/vulnerability/custom-order-statuses-for-woocommerce/wordpress-custom-order-statuses-for-woocommerce-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability

It seems the CSRF is always available in your plugin. Do you have any time frame when it will be secured?
https://patchstack.com/database/vulnerability/osm/wordpress-osm-openstreetmap-plugin-6-0-cross-site-request-forgery-csrf-vulnerability
Regards

Cross Site Request Forgery (CSRF) vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin WP Attachments (versions <= 5.0.6)