4 matches found
CVE-2023-6196
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...
CVE-2023-6196
CVE-2023-6196 (Audio Merchant, WordPress) : The vulnerability is a Cross-Site Request Forgery in all versions up to 5.0.4 caused by missing or incorrect nonce validation in audio_merchant_add_audio_file. This permits unauthenticated attackers to upload arbitrary files by tricking an administrator...
CVE-2023-6196 Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...
WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6196 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 8d1ec07de68f Credits Ala Arfaoui Required...