Lucene search
PRIOn knowledge basePRION:CVE-2023-2447HistoryNov 22, 2023 - 8:15 a.m.
Cross site request forgery (csrf)
2023-11-2208:15:00
PRIOn knowledge base
www.prio-n.com
2
cross-site request forgery
userpro
wordpress
vulnerability
export users
csv file
unauthenticated attackers
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the ‘export_users’ function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.
Related
cve
cve
CVE-2023-2447
2023-11-22 08:15:07
nvd
nvd
CVE-2023-2447
2023-11-22 08:15:07
wpvulndb
wpvulndb
cvelist
cvelist
CVE-2023-2447
2023-11-22 07:32:11
wordfence
wordfence