The HT Portfolio WordPress plugin before 1.1.6 lacks CSRF check, allowing attackers to force logged-in admins to activate arbitrary plugins via CSRF attack
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
![]() | CVE-2023-0497 HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF | 27 Mar 202315:37 | – | cvelist |
![]() | HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF | 28 Feb 202300:00 | – | wpvulndb |
![]() | CVE-2023-0497 | 27 Mar 202316:15 | – | nvd |
![]() | HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF | 28 Feb 202300:00 | – | wpexploit |
![]() | WordPress HT Portfolio Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | 6 Mar 202300:00 | – | patchstack |
![]() | Cross site request forgery (csrf) | 27 Mar 202316:15 | – | prion |
![]() | Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023) | 9 Mar 202314:32 | – | wordfence |
[
{
"vendor": "Unknown",
"product": "HT Portfolio",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.1.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo