CVE-2023-31078 WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

2023-11-1013:32:41

CWE-352

Patchstack

www.cve.org

wordpress

plugin

vulnerability

csrf

AI Score

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-browser-update",
    "product": "WP BrowserUpdate",
    "vendor": "Marco Steinbrecher",
    "versions": [
      {
        "changes": [
          {
            "at": "4.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.4.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-browser-update/wordpress-wp-browserupdate-plugin-4-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve