43 matches found
WordPress POEditor Plugin <= 0.9.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software POEditor Type Plugin Vulnerable versions = 0.9.7 Fixed in 0.9.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4209 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f865ac408812 Credits Dmitrii Required privilege...
POEditor < 0.9.8 - Settings Reset via CSRF
Description The plugin does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks. PoC...
POEditor < 0.9.8 - Settings Reset via CSRF
Description The plugin does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks. document.forms0.submit;...