Cross-Site Request Forgery Vulnerability in Download Read More Excerpt Link Plugin for WordPress
CVE-2023-1068
4.3 MEDIUM
What is CVE-2023-1068?
The Download Read More Excerpt Link plugin for WordPress is affected by a Cross-Site Request Forgery vulnerability in versions up to 1.6.0. The read_more_excerpt_link_menu_options() function lacks adequate nonce validation, so it cannot tell a settings request that an administrator submitted intentionally from one that was forged. An unauthenticated attacker could use a forged request to manipulate plugin settings if they successfully trick an administrator into taking an action, such as clicking on a malicious link. This could lead to unauthorized changes that may compromise the integrity of the WordPress site.
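For plugin authors checking their own settings handlers for the same flaw, the following added example shows a settings callback that validates a nonce before it writes anything. It is not the plugin's code or its patch: the `example_rmel_*` function, field, action and option names are hypothetical, and the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
/* Plugin Name: Example nonce-checked settings page (illustrative only) */
// Added example: every example_rmel_* name below is hypothetical.

add_action( 'admin_menu', function () {
    add_options_page(
        'Example Read More Settings',
        'Example Read More',
        'manage_options',
        'example-rmel',
        'example_rmel_menu_options'
    );
} );

function example_rmel_menu_options() {
    // Capability check on the handler itself, not only on the menu entry.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to access this page.' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['example_rmel_text'] ) ) {
        // Nonce check: ends the request unless the POST carries a valid
        // token bound to this action and the logged-in user's session.
        // A request forged from another site cannot supply that token.
        check_admin_referer( 'example_rmel_save', 'example_rmel_nonce' );

        // Only after the nonce passes is the setting sanitized and stored.
        $text = sanitize_text_field( wp_unslash( $_POST['example_rmel_text'] ) );
        update_option( 'example_rmel_text', $text );
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $current = get_option( 'example_rmel_text', 'Read More' );
    ?>
    <div class="wrap">
        <h1>Example Read More Settings</h1>
        <form method="post">
            <?php // Emits the hidden nonce field that the handler verifies. ?>
            <?php wp_nonce_field( 'example_rmel_save', 'example_rmel_nonce' ); ?>
            <input type="text" name="example_rmel_text"
                   value="<?php echo esc_attr( $current ); ?>" />
            <?php submit_button(); ?>
        </form>
    </div>
    <?php
}
```

When reviewing a handler, confirm that the nonce check runs before every state-changing call such as `update_option()`, and that the action string passed to `wp_nonce_field()` matches the one passed to `check_admin_referer()`.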
Affected Version(s)
Read More Excerpt Link <= 1.6.0