CVE-2023-46095

Summary

CVE-2023-46095 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.1.0 and below of the Chetan Gole Smooth Scroll Links [SSL] plugin. A successful exploit of this issue could allow an attacker to execute malicious actions on behalf of a user, who is currently authenticated and logged into a vulnerable application, after enticing the user to visit a specially crafted website. The vulnerability stems from insufficient anti-CSRF protection in plugin functions, posing a significant risk to users' data confidentiality and integrity. To mitigate this risk, users are strongly advised to upgrade to the latest plugin version or consider disabling the plugin until a patch becomes available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.