3 matches found
CVE-2023-1086 Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF
The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-1086 Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF
The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-1086
CVE-2023-1086 affects the Preview Link Generator WordPress plugin, up to version 1.0.3. The root cause is a lack of CSRF validation when activating plugins, allowing an unauthenticated attacker to trigger plugin activations via CSRF if a user is logged in. The documented impact is arbitrary plugi...