CVE-2023-4161

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 31, 2023

Updated: Nov 7, 2023

CWE ID 427

Summary

CVE-2023-4161 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WooCommerce PDF Invoice Builder plugin for WordPress. Versions up to and including 1.2.90 of this plugin are impacted, allowing unauthenticated attackers to create invoice fields by tricking an admin into performing an action, such as clicking on a malicious link. The SaveCustomField function in the plugin does not include a necessary nonce check, making it exploitable and posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sgJrOq
https://www.cve.org/CVERecord?id=CVE-2023-4161
https://nvd.nist.gov/vuln/detail/CVE-2023-4161

Back to Vulnerability Database

CVE-2023-4161

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations