CVE-2023-27615

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 6, 2023

Updated: Oct 10, 2023

CWE ID 352

Summary

CVE-2023-27615 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.5.1 and below of the WP Super Minify plugin by Dipak C. Gajjar. This issue allows malicious actors to manipulate user actions on a targeted website, by tricking them into opening a specially crafted link. Successful exploitation could result in unintended data modifications or even complete website takeover. Users are strongly urged to update to the latest patch or deactivate and remove the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sk5Yyw
https://www.cve.org/CVERecord?id=CVE-2023-27615
https://nvd.nist.gov/vuln/detail/CVE-2023-27615

Back to Vulnerability Database

CVE-2023-27615

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations