CVE-2023-4318

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 11, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-4318 is a vulnerability affecting the Herd Effects WordPress plugin before version 5.2.4. This issue permits Cross-Site Request Forgery (CSRF) attacks, enabling unauthorized deletion of plugin items. Attackers can exploit this vulnerability to manipulate logged-in admin users into deleting arbitrary effects, potentially leading to data loss or unintended plugin modifications. The lack of CSRF protection in the plugin's deletion functionality exposes WordPress sites using this plugin to these risks. Users are advised to update to the latest plugin version as soon as possible to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/suNH_2
https://www.cve.org/CVERecord?id=CVE-2023-4318
https://nvd.nist.gov/vuln/detail/CVE-2023-4318

Back to Vulnerability Database

CVE-2023-4318

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations