The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/b2c6fa7d-1b0f-444b-8ca5-8c1c06cea1d9 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/b2c6fa7d-1b0f-444b-8ca5-8c1c06cea1d9 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-30 15:15
Updated : 2024-11-21 08:34
NVD link : CVE-2023-4209
Mitre link : CVE-2023-4209
CVE.ORG link : CVE-2023-4209
JSON object : View
Products Affected
poeditor
- poeditor
CWE
No CWE.