2 matches found
CVE-2023-1089
The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
WordPress Coupon Zen Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Coupon Zen Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6059f6769c37 Credits WordFence Required privilege...