The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
References
Link | Resource |
---|---|
https://magos-securitas.com/txt/2023-6390.txt | Broken Link |
https://wpscan.com/vulnerability/a0ca68d3-f885-46c9-9f6b-b77ad387d25d/ | Exploit Third Party Advisory |
Configurations
History
29 Jan 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-29 15:15
Updated : 2024-02-03 00:28
NVD link : CVE-2023-6390
Mitre link : CVE-2023-6390
CVE.ORG link : CVE-2023-6390
JSON object : View
Products Affected
jonathonkemp
- wordpress_users
CWE
CWE-352
Cross-Site Request Forgery (CSRF)