Lucene search
WPScanCVELIST:CVE-2023-1089HistoryMar 27, 2023 - 3:37 p.m.
CVE-2023-1089 Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF
2023-03-2715:37:20
WPScan
www.cve.org
coupon zen
wordpress
csrf
arbitrary
plugin activation
csrf attack
The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CNA Affected
[
{
"vendor": "Unknown",
"product": "Coupon Zen",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.0.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF
2023-02-28 00:00:00
nvd
nvd
CVE-2023-1089
2023-03-27 16:15:09
wpexploit
wpexploit
Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF
2023-02-28 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-03-27 16:15:00
cve
cve
CVE-2023-1089
2023-03-27 16:15:09