Lucene search
WpvulndbWPVDB-ID:A72329E6-502D-4414-9D23-53B3C21DB3B2HistoryNov 23, 2023 - 12:00 a.m.
Easy Call Now by ThikShare <= 1.1.0 - Cross-Site Request Forgery via settings_page
2023-11-2300:00:00
wpscan.com
5
wordpress
plugin
cross-site request forgery
vulnerability
settings_page
nonce validation
unauthenticated attackers
site administrator
Description The Easy Call Now by ThikShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the settings_page function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Related
prion
prion
Cross site request forgery (csrf)
2023-11-22 19:15:00
cve
cve
CVE-2023-47819
2023-11-22 19:15:09
nvd
nvd
CVE-2023-47819
2023-11-22 19:15:09
cvelist
cvelist
wordfence
wordfence
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
24.1%
Related for WPVDB-ID:A72329E6-502D-4414-9D23-53B3C21DB3B2