CVE-2023-49759

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 18, 2023

Updated: Dec 21, 2023

CWE ID 352

Summary

CVE-2023-49759 refers to a Cross-Site Request Forgery (CSRF) vulnerability discovered in the gVectors Team WooDiscuz plugin for WooCommerce Comments. This issue permits malicious actors to perform unintended actions on affected websites, putting user data at risk. The affected version range is from n/a to 2.3.0, and an update to a patched version is strongly recommended. This vulnerability can be exploited via specially crafted requests, potentially leading to unauthorized modifications or even complete takeover of the affected WordPress site.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/toKL8h
https://www.cve.org/CVERecord?id=CVE-2023-49759
https://nvd.nist.gov/vuln/detail/CVE-2023-49759

Back to Vulnerability Database

CVE-2023-49759

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations