CVE-2023-4318

Severity: 4.3 MEDIUM
EPSS: 0.1% (top 79.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 11

Description

The Herd Effects WordPress plugin before 5.2.4 does not have CSRF checks when deleting its items, which could allow attackers to make logged-in admins delete arbitrary effects via a CSRF attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: unknown/herd_effects < 5.2.4

Vulnerability Details (2)

CVEList: Herd Effects < 5.2.4 - Effect Deletion via CSRF (2023-09-11)
GHSA: GHSA-c5c6-5pcc-f6x9: The Herd Effects WordPress plugin before 5 (2023-09-11)