Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWordfenceCVELIST:CVE-2023-4729
HistoryMar 12, 2024 - 9:33 a.m.

CVE-2023-4729

2024-03-1209:33:56
Wordfence
raw.githubusercontent.com
1
wordpress
cross-site request forgery
missing nonce check
ajax action
vulnerability
ladiapp plugin

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.4%

JSON

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Related

wpvulndb 1
prion 1
cve 1
wordfence 1
wpvulndb
wpvulndb
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via publish_lp()
2024-03-11 00:00:00
prion
prion
Cross site request forgery (csrf)
2024-03-12 10:15:00
cve
cve
CVE-2023-4729
2024-03-12 10:15:08
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
2024-03-21 15:55:11

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.4%

JSON
Related for CVELIST:CVE-2023-4729
wpvulndb1prion1cve1wordfence1