2 matches found
CVE-2023-4247
The CVE-2023-4247 issue affects the GiveWP WordPress plugin (up to 2.33.3). Root cause: missing/incorrect nonce validation in GiveWP’s give_sendwp_disconnect function enables CSRF to deactivate the SendWP plugin by forged requests, exploitable by unauthenticated attackers who trick an admin. Impa...
WordPress GiveWP Plugin <= 2.33.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software GiveWP Type Plugin Vulnerable versions = 2.33.3 Fixed in 2.33.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4247 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID fe1779b76e9b Credits Marco Wotschka...