3 matches found
WordPress Autotitle for WordPress Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Autotitle for WordPress Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6946 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 89d669161c10 Credits Daniel Ruf...
CVE-2023-6946
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-6946 Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...