12 matches found
CVE-2023-6633
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
CVE-2023-6633
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
CVE-2023-6633
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
Cross site request forgery (CSRF)
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
CVE-2023-6633 Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
CVE-2023-6633 Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
CVE-2023-6633
The CVE-2023-6633 entry concerns the Site Notes WordPress plugin (versions
WordPress plugin Site Notes security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-15035 · WordPress · Site Notes
Name of the Vulnerable Software and Affected Versions: The Site Notes WordPress plugin versions prior to 2.1. Description: The issue concerns a lack of CSRF checks in some functionalities of the plugin, which could allow attackers to make logged-in users perform unwanted actions, such as deleting...
WordPress Site Notes Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Site Notes; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6633; Patch priority: Low; CVSS severity: Low 4.3; PSID: 772e7c731cdb; Credits: Pedro Cuco Illex; Required...
Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
Description: The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks. PoC: Have an administrator open the following HTML file:...
Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
Description: The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks. Have an administrator open the following HTML file:...