CVE-2023-36691

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 10, 2023

Updated: Jul 18, 2023

CWE ID 352

Summary

CVE-2023-36691 represents a Cross-Site Request Forgery (CSRF) vulnerability in the Albert Peschar WebwinkelKeur plugin, affecting versions 3.24 and below. This issue allows an attacker to manipulate a user's browser into performing unintended actions on a website, by forging malicious requests on their behalf. The consequence is potential data theft or modification, with the user remaining unaware of the attack. It is crucial for users to update their plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ryhkx6
https://www.cve.org/CVERecord?id=CVE-2023-36691
https://nvd.nist.gov/vuln/detail/CVE-2023-36691

Back to Vulnerability Database

CVE-2023-36691

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations