CVE-2023-3254

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 18, 2023

Updated: Nov 7, 2023

CWE ID 94

Summary

CVE-2023-3254 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Widgets for Google Reviews plugin for WordPress. Versions up to and including 10.9 are at risk. The issue arises due to missing or incorrect nonce validation within the file setup_no_reg_header.php. Consequently, unauthenticated attackers can manipulate administrators into clicking malicious links, allowing the attacker to reset plugin settings and delete reviews, exploiting the CSRF weakness.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advantech WebAccess/SCADA

Affected Vendors

Advantech

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rd16MN
https://www.cve.org/CVERecord?id=CVE-2023-3254
https://nvd.nist.gov/vuln/detail/CVE-2023-3254

Back to Vulnerability Database