4 matches found
CVE-2023-2271
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack...
CVE-2023-2271 Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack...
CVE-2023-2271
CVE-2023-2271 affects the Tiempo.com WordPress plugin (
WordPress Tiempo.com Plugin <= 0.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Tiempo.com Type Plugin Vulnerable versions = 0.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2271 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4f1468ae33c2 Credits Erwan LR WPScan Required...