3 matches found
WordPress Custom Post Type UI Plugin < 1.13.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Custom Post Type UI Type Plugin Vulnerable versions 1.13.5 Fixed in 1.13.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1623 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 181f1805c79c Credits Erwan LR Require...
CVE-2023-1623 Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF
The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack...
CVE-2023-1623
CVE-2023-1623 affects the WordPress plugin Custom Post Type UI prior to 1.13.5. The issue is a CSRF in the debug information sending flow to a user-supplied email, enabling a logged-in admin to cause that information to be sent to an arbitrary address. Impact is primarily on confidentiality (expo...