The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/ | Exploit Third Party Advisory |
Configurations
History
02 Feb 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 | |
References | () https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/ - Exploit, Third Party Advisory | |
First Time |
Sidenotesproject
Sidenotesproject side Notes |
|
CPE | cpe:2.3:a:sidenotesproject:side_notes:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
29 Jan 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-29 15:15
Updated : 2024-08-07 19:35
NVD link : CVE-2023-6633
Mitre link : CVE-2023-6633
CVE.ORG link : CVE-2023-6633
JSON object : View
Products Affected
sidenotesproject
- side_notes
CWE
CWE-352
Cross-Site Request Forgery (CSRF)