Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJpcertCVELIST:CVE-2023-27889
HistoryMay 10, 2023 - 12:00 a.m.

CVE-2023-27889

2023-05-1000:00:00
jpcert
www.cve.org
cve-2023-27889
cross-site request forgery
liquid speech balloon
remote attacker
unauthenticated
authentication hijacking
user view
malicious page

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.

CNA Affected

[
  {
    "vendor": "LIQUID DESIGN Ltd.",
    "product": "LIQUID SPEECH BALLOON",
    "versions": [
      {
        "version": "versions prior to 1.2",
        "status": "affected"
      }
    ]
  }
]

Related

cve 1
prion 1
wpvulndb 1
nvd 1
jvn 1
wordfence 1
cve
cve
CVE-2023-27889
2023-05-10 06:15:14
prion
prion
Cross site request forgery (csrf)
2023-05-10 06:15:00
wpvulndb
wpvulndb
Liquid Speech Balloon < 1.2 - Settings Update via CSRF
2023-04-19 00:00:00
nvd
nvd
CVE-2023-27889
2023-05-10 06:15:14
jvn
jvn
JVN#99657911: WordPress plugin "LIQUID SPEECH BALLOON” vulnerable to cross-site request forgery
2023-04-19 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 17, 2023 to Apr 23, 2023)
2023-04-27 12:16:14

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON
Related for CVELIST:CVE-2023-27889
cve1prion1wpvulndb1nvd1jvn1wordfence1