CVE-2023-49148

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 18, 2023

Updated: Feb 15, 2024

CWE ID 352

Summary

CVE-2023-49148 is a Cross-Site Request Forgery (CSRF) vulnerability that has been identified in the Affiliate Booster – Pros & Cons, Notice, and CTA Blocks plugin for WordPress. This issue puts versions 3.0.5 and below at risk, allowing unauthorized users to submit malicious requests on behalf of affected users. The CSRF vulnerability can potentially lead to data manipulation, unauthorized actions, and other security consequences. Affiliate Booster users are advised to update to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/thn-Ks
https://www.cve.org/CVERecord?id=CVE-2023-49148
https://nvd.nist.gov/vuln/detail/CVE-2023-49148

Back to Vulnerability Database

CVE-2023-49148

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations