Lucene search
WpvulndbWPVDB-ID:6FFBF80A-730B-4331-B423-E9E6A1D22562HistoryDec 08, 2023 - 12:00 a.m.
AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Cross-Site Request Forgery
2023-12-0800:00:00
wpscan.com
6
adfoxly
plugin
vulnerability
cross-site request forgery
wordpress
Description The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on several functions in the ~/includes/class-adfoxly-ajax.php file. This makes it possible for unauthenticated attackers to modify several settings via a forged request granted they can trick a site’s user into performing an action such as clicking on a link.
Related
cve
cve
CVE-2023-46617
2023-12-18 17:15:09
prion
prion
Cross site request forgery (csrf)
2023-12-18 17:15:00
nvd
nvd
CVE-2023-46617
2023-12-18 17:15:09
cvelist
cvelist
wordfence
wordfence
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
24.1%
Related for WPVDB-ID:6FFBF80A-730B-4331-B423-E9E6A1D22562