Lucene search
Daniel RufWPVDB-ID:4098B18D-6FF3-462C-AF05-48ADB6599CF3HistoryJan 03, 2024 - 12:00 a.m.
Custom User CSS <= 0.2 - Settings Update via CSRF
2024-01-0300:00:00
Daniel Ruf
wpscan.com
8
csrf
security
plugin
admin
settings
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
PoC
Create an HTML form with the following content and make a logged in admin open it
Related
prion
prion
Cross site request forgery (csrf)
2024-01-29 15:15:00
cvelist
cvelist
CVE-2023-6391 Custom User CSS <= 0.2 - Settings Update via CSRF
2024-01-29 14:44:27
wpexploit
wpexploit
Custom User CSS <= 0.2 - Settings Update via CSRF
2024-01-03 00:00:00
nvd
nvd
CVE-2023-6391
2024-01-29 15:15:09
cve
cve
CVE-2023-6391
2024-01-29 15:15:09
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
32.5%
Related for WPVDB-ID:4098B18D-6FF3-462C-AF05-48ADB6599CF3