CVE-2023-47686
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-47686 is a Cross-Site Request Forgery (CSRF) vulnerability affecting version 2.7.2.2 of the Arigato Autoresponder and Newsletter plugin by Kiboko Labs. An attacker can exploit this issue to force authenticated users to perform unintended actions on the website, such as making unauthorized changes. The flaw occurs due to the plugin's failure to properly validate and filter user inputs, enabling attackers to craft malicious requests that are executed on behalf of the targeted user. Successful exploitation of this vulnerability may lead to data theft, unauthorized access, or even website defacement. Users are advised to update their plugin to the latest version as soon as possible to mitigate the risk.
Affected Products
- Arigato Autoresponder and Newsletter
Affected Vendors
- Kiboko Labs