CVE-2023-5884
The CVE concerns Word Balloon WordPress plugin prior to 4.20.3. The issue is a CSRF flaw in some plugin actions that fails to protect against unauthorized requests, enabling an unauthenticated attacker to trick a logged-in admin into deleting arbitrary avatars by clicking a crafted link. Affected...