CVE-2023-46638

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 13, 2023

Updated: Nov 16, 2023

CWE ID 352

Summary

CVE-2023-46638 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 2.5.0 and below of the Webcodin WCP OpenWeather plugin. This issue allows malicious actors to manipulate a user's web session unknowingly, leading to unintended actions being performed on their behalf. An attacker might use this flaw to change settings, add or delete data, or gain unauthorized access to sensitive information. Users are encouraged to update their plugins to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tIwSwz
https://www.cve.org/CVERecord?id=CVE-2023-46638
https://nvd.nist.gov/vuln/detail/CVE-2023-46638

Back to Vulnerability Database

CVE-2023-46638

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations