Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:BB861FEE-05FB-4512-88A3-93C791A24F43
HistoryNov 24, 2023 - 12:00 a.m.

ProfilePress < 4.13.2 Cross-Site Request Forgery via 'admin_notice'

2023-11-2400:00:00
wpscan.com
5
profilepress
cross-site request forgery
wordpress
nonce validation
admin_notice
vulnerability

6.5 Medium

AI Score

Confidence

High

JSON

Description The ProfilePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.13.1. This is due to missing or incorrect nonce validation on the ‘admin_notice’ function. This makes it possible for unauthenticated attackers to dismiss admin notices granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.

CPENameOperatorVersion
eq4.13.2

Related

cve 1
mscve 1
kaspersky 1
wordfence 1
cve
cve
CVE-2023-41953
2023-07-28 08:23:58
mscve
mscve
GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability
2023-02-14 08:00:00
kaspersky
kaspersky
KLA20235 Multiple vulnerabilities in Microsoft Developer Tools
2023-02-14 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
2023-09-14 14:16:39

6.5 Medium

AI Score

Confidence

High

JSON
Related for WPVDB-ID:BB861FEE-05FB-4512-88A3-93C791A24F43
cve1mscve1kaspersky1wordfence1