CVE-2023-46087

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 16, 2023

Updated: Oct 19, 2023

CWE ID 352

Summary

CVE-2023-46087 is a Cross-Site Request Forgery (CSRF) vulnerability affecting version 1.4.14.3 of the Mahlamusa Who Hit The Page – Hit Counter plugin. An attacker can exploit this issue by tricking a user into visiting a malicious website, which would allow the attacker to perform unintended actions on the user's behalf. This could include modifications to the user's account settings or unauthorized data access. The vulnerability occurs due to insufficient input validation and authorization checks, making it important for users to update the plugin to a secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tB5NLH
https://www.cve.org/CVERecord?id=CVE-2023-46087
https://nvd.nist.gov/vuln/detail/CVE-2023-46087

Back to Vulnerability Database

CVE-2023-46087

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations