Lucene search

K
cvelistWPScanCVELIST:CVE-2023-6391
HistoryJan 29, 2024 - 2:44 p.m.

CVE-2023-6391 Custom User CSS <= 0.2 - Settings Update via CSRF

2024-01-2914:44:27
WPScan
www.cve.org
2
cve-2023-6391
custom user css
wordpress
csrf
settings update

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

32.5%

The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Custom User CSS",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "0.2"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

32.5%

Related for CVELIST:CVE-2023-6391