The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/ - Exploit, Third Party Advisory |
02 Feb 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 | |
References | () https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:sidenotesproject:side_notes:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Sidenotesproject
Sidenotesproject side Notes |
29 Jan 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-29 15:15
Updated : 2024-11-21 08:44
NVD link : CVE-2023-6633
Mitre link : CVE-2023-6633
CVE.ORG link : CVE-2023-6633
JSON object : View
Products Affected
sidenotesproject
- side_notes
CWE
CWE-352
Cross-Site Request Forgery (CSRF)