Lucene search
WpvulndbWPVDB-ID:746C40E3-0728-42DB-BB81-1C8BB63284F5HistoryJun 02, 2023 - 12:00 a.m.
Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF)
2023-06-0200:00:00
wpscan.com
5
azexo page builder
cross-site request forgery
csrf attacks
ajax actions
unauthenticated attacker
crafted request
0.002 Low
EPSS
Percentile
61.7%
The plugin does not protect the ajax actions azh_add_post, azh_duplicate_post, azh_update_post and azh_remove_post against CSRF attacks, allowing an unauthenticated attacker to add, modify and delete posts by tricking a logged in user to submit a crafted request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| page-builder-by-azexo | eq | * |
Related
cve
cve
CVE-2023-3052
2023-06-03 00:15:09
prion
prion
Cross site request forgery (csrf)
2023-06-03 00:15:00
cvelist
cvelist
CVE-2023-3052
2023-06-02 23:37:56
nvd
nvd
CVE-2023-3052
2023-06-03 00:15:09
wordfence
wordfence