Lucene search
WPScanCVELIST:CVE-2023-6946HistoryJan 29, 2024 - 2:44 p.m.
CVE-2023-6946 Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
2024-01-2914:44:22
WPScan
www.cve.org
3
cve-2023-6946
autotitle
wordpress
csrf
settings
stored xss
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Autotitle for WordPress",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.0.3"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site request forgery (csrf)
2024-01-29 15:15:00
nvd
nvd
CVE-2023-6946
2024-01-29 15:15:09
wpvulndb
wpvulndb
Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
2024-01-02 00:00:00
cve
cve
CVE-2023-6946
2024-01-29 15:15:09
wpexploit
wpexploit
Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
2024-01-02 00:00:00
wordfence
wordfence