Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-0728
HistoryFeb 07, 2023 - 10:15 p.m.

Cross site request forgery (csrf)

2023-02-0722:15:00
PRIOn knowledge base
www.prio-n.com
4
wordpress
wicked folders
cross-site request forgery

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.

CPENameOperatorVersion
wicked_foldersle2.18.16

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

Related for PRION:CVE-2023-0728