The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
References
Link | Resource |
---|---|
https://magos-securitas.com/txt/2023-6390.txt | Broken Link |
https://wpscan.com/vulnerability/a0ca68d3-f885-46c9-9f6b-b77ad387d25d/ | Exploit Third Party Advisory |
Configurations
History
03 Feb 2024, 00:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Jonathonkemp wordpress Users
Jonathonkemp |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-352 | |
CPE | cpe:2.3:a:jonathonkemp:wordpress_users:*:*:*:*:*:wordpress:*:* | |
References | () https://magos-securitas.com/txt/2023-6390.txt - Broken Link | |
References | () https://wpscan.com/vulnerability/a0ca68d3-f885-46c9-9f6b-b77ad387d25d/ - Exploit, Third Party Advisory |
29 Jan 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-29 15:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-6390
Mitre link : CVE-2023-6390
CVE.ORG link : CVE-2023-6390
JSON object : View
Products Affected
jonathonkemp
- wordpress_users
CWE
CWE-352
Cross-Site Request Forgery (CSRF)