CVE-2023-51673 — Cross-Site Request Forgery in Stylish Price List Price Table Builder QR Code Restaurant Menu

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

9.8CRITICALNVD

CNA5.4

EPSS

0.1%

top 84.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Designful Stylish Price List Price Table Builder QR Code Restaurant Menu Stylishpricelist Stylish Price List

Timeline

PublishedJan 5

Description

Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5designful/stylish_price_list_price_table_builder_qr_code_restaurant_menun/a — 7.0.17

▶NVDstylishpricelist/stylish_price_list7.0.17

🔴Vulnerability Details

GHSA

GHSA-9frx-f993-wf86: Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu↗2024-01-05

▶

CVEList

WordPress Stylish Price List Plugin <= 7.0.17 is vulnerable to Broken Access Control↗2024-01-05

▶