5 matches found
CVE-2023-0498
creationtimestamp| type| source ---|---|--- 2023-03-27 20:49:58+00:00| seen| https://t.me/cibsecurity/60800 2025-02-20 01:27:44+00:00| seen| Telegram/-mCSEN5cBzAkLgqUoYwfbGVxB6LRzIVKH7S8hqrqSe9ONLJn...
CVE-2023-0498
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0498 WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0498
CVE-2023-0498 affects the WP Education WordPress plugin prior to 1.2.7. The vulnerability is a CSRF flaw in the plugin activation flow that could allow a CSRF attacker to cause logged-in admins to activate arbitrary plugins on the blog. Remediation: upgrade to WP Education 1.2.7 or later (patched...
CVE-2023-0498 WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...