4 matches found
CVE-2023-5006
The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...
CVE-2023-5006 WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF
The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...
CVE-2023-5006
CVE-2023-5006 (WP Discord Invite) : The WordPress plugin WP Discord Invite is vulnerable to a CSRF flaw in versions before 2.5.1, enabling an unauthenticated attacker to cause actions on behalf of an authenticated admin by tricking them into submitting crafted requests. Public details confirm the...
WordPress WP Discord Invite Plugin < 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Discord Invite Type Plugin Vulnerable versions 2.5.1 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5006 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ddd467b1e925 Credits Enrico Marcolini...