CVE-2023-52136

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 5, 2024

Updated: Jan 11, 2024

CWE ID 352

Summary

CVE-2023-52136 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Smash Balloon's Custom Twitter Feeds – A Tweets Widget or X Feed Widget. The issue allows malicious actors to manipulate user actions, potentially leading to unintended modifications or access to sensitive information. This vulnerability impacts versions of the plugin from n/a through 2.1.2, making it essential for users to update to a secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t84Oau
https://www.cve.org/CVERecord?id=CVE-2023-52136
https://nvd.nist.gov/vuln/detail/CVE-2023-52136

Back to Vulnerability Database

CVE-2023-52136

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations