4 matches found
CVE-2023-6633
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
CVE-2023-6633
The CVE-2023-6633 entry concerns the Site Notes WordPress plugin (versions
CVE-2023-6633 Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
WordPress Site Notes Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Site Notes Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6633 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 772e7c731cdb Credits Pedro Cuco Illex Required...