WordPress WP Airbnb Review Slider Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-23890

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Airbnb Review Slider
Vendor: CVE Published:; 20 May 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Airbnb Review Slider plugin developed by LJ Apps. This vulnerability allows an attacker to perform unauthorized actions on behalf of a logged-in user, potentially leading to the removal of reviews. The affected versions of the plugin are those up to and including version 3.2. It is crucial for users of this plugin to be aware of the risks and apply any necessary updates or mitigations to enhance their site's security.

Affected Version(s)

WP Airbnb Review Slider <= 3.2

References

https://patchstack.com/database/vulnerability/wp-airbnb-r...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 20, 2023
Vulnerability Reserved
Jan 19, 2023

Credit

Rafshanzani Suhada (Patchstack Alliance)