CVE-2023-4629

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 12, 2024

Summary

CVE-2023-4629 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the LadiApp plugin for WordPress. The issue lies in the save_config() function, which lacks a nonce check in versions up to 4.3. This weakness enables unauthenticated attackers to manipulate the 'ladipage_config' option through a malicious request, provided they can persuade a site administrator to execute a specific action such as clicking on a link. Successful exploitation could result in unauthorized configuration changes to the affected WordPress site.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tFfuKO
https://www.cve.org/CVERecord?id=CVE-2023-4629
https://nvd.nist.gov/vuln/detail/CVE-2023-4629

Back to Vulnerability Database

CVE-2023-4629

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations