CVE-2023-6633

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 29, 2024

Updated: Aug 7, 2024

CWE ID 352

Summary

CVE-2023-6633 is a vulnerability affecting the Site Notes WordPress plugin before version 2.0.0. This issue lacks Cross-Site Request Forgery (CSRF) protections in certain functionalities, making it susceptible to CSRF attacks. Malicious actors can exploit this vulnerability to coerce logged-in users into unwanted actions, such as deleting administration notes, without their consent. The absence of CSRF checks increases the risk of security breaches, emphasizing the importance of updating the plugin to a secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tvVHct
https://www.cve.org/CVERecord?id=CVE-2023-6633
https://nvd.nist.gov/vuln/detail/CVE-2023-6633

Back to Vulnerability Database

CVE-2023-6633

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations