Cross-Site Request Forgery Vulnerability in Under Construction Plugin for WordPress
CVE-2023-0831
4.3 MEDIUM
What is CVE-2023-0831?
The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF). The flaw arises from inadequate nonce validation in the dismiss_notice function, which is triggered by the admin_action_ucp_dismiss_notice action. When exploited, it permits unauthenticated attackers to dismiss notifications intended for site administrators by means of a manipulated request. To do so, an attacker misleads an administrator into taking an action that dismisses important plugin alerts, which could lead to oversight of critical updates or changes.
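The handler pattern that closes this class of flaw, as an added example; it is not the Under Construction plugin's own code. Only the admin_action_ucp_dismiss_notice hook name comes from the advisory. The function names, the `notice` query argument, the option name and the nonce action string are hypothetical.

```php
<?php
// Added illustration, not the plugin's source. Hypothetical names:
// example_dismiss_url(), example_dismiss_notice(), the 'notice' query
// argument, the 'example_dismissed_notices' option and the
// 'example_dismiss_notice' nonce action.

// Build the dismiss link with a nonce tied to the current user, session
// and this specific action (added as the default _wpnonce argument).
function example_dismiss_url( $notice ) {
    $url = add_query_arg(
        array( 'action' => 'ucp_dismiss_notice', 'notice' => $notice ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'example_dismiss_notice' );
}

// wp-admin/admin.php fires admin_action_{action} for any authenticated
// admin-area request carrying that action value, so the handler itself
// must prove the request was made intentionally.
add_action( 'admin_action_ucp_dismiss_notice', 'example_dismiss_notice' );

function example_dismiss_notice() {
    // A handler that goes straight to the state change below, with no
    // nonce check, is the CSRF-prone pattern the advisory describes.

    // 1. Authorization: only administrators may dismiss notices.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. Intent: verifies _wpnonce for this action and stops the request
    //    if it is missing, expired or was issued to another user.
    check_admin_referer( 'example_dismiss_notice' );

    // 3. Validate input before it reaches the options table.
    $notice = isset( $_GET['notice'] ) ? sanitize_key( wp_unslash( $_GET['notice'] ) ) : '';
    if ( '' === $notice ) {
        wp_die( 'Unknown notice.', '', array( 'response' => 400 ) );
    }

    $dismissed            = (array) get_option( 'example_dismissed_notices', array() );
    $dismissed[ $notice ] = time();
    update_option( 'example_dismissed_notices', $dismissed );

    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : admin_url() );
    exit;
}
```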
Affected Version(s)
Under Construction * <= 3.96