4 matches found
WordPress Travelpayouts plugin < 1.1.13 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Travelpayouts versions 1.1.13...
CVE-2023-5934
creationtimestamp| type| source ---|---|--- 2025-05-16 19:34:46+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16745...
CVE-2023-5934 Travelpayouts < 1.1.13 - Settings Update via CSRF
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...
CVE-2023-5934
CVE-2023-5934 affects the Travelpayouts WordPress plugin: versions prior to 1.1.13 lack CSRF protection when importing v1 settings, enabling a CSRF attack to modify settings by a logged-in admin. Documented PoC/exploitation paths exist (e.g., WPScan/patchstack references). Vulnerability context s...