Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:CEEF42B3-71C2-4F95-B1FD-FB138B7297DF
HistoryAug 10, 2023 - 12:00 a.m.

Absolute Privacy <= 2.1 - User Email/Password Change via Cross-Site Request Forgery

2023-08-1000:00:00
wpscan.com
3
absolute privacy
user email
password change
cross-site request forgery
csrf
csrf attack
unauthenticated attacker
logged in administrator

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

Description The plugin does not protect its abpr_profileShortcode action against CSRF attacks, allowing an unauthenticated attacker to change a users email or password by tricking a logged in administrator to submit a crafted request.

Related

cve 1
cvelist 1
prion 1
nvd 1
wordfence 1
cve
cve
CVE-2023-4276
2023-08-10 07:15:37
cvelist
cvelist
CVE-2023-4276
2023-08-10 06:53:58
prion
prion
Cross site request forgery (csrf)
2023-08-10 07:15:00
nvd
nvd
CVE-2023-4276
2023-08-10 07:15:37
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)
2023-08-17 13:45:31

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON
Related for WPVDB-ID:CEEF42B3-71C2-4F95-B1FD-FB138B7297DF
cve1cvelist1prion1nvd1wordfence1