WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25482

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Tiles
Vendor: CVE Published:; 18 July 2023

What is CVE-2023-25482?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Tiles plugin developed by Mike Martel. This vulnerability affects versions 1.1.2 and earlier, allowing an attacker to perform unauthorized actions on behalf of a logged-in user. Exploitation of this flaw could lead to security breaches if proper safeguards are not implemented. Website administrators are encouraged to review the status of their installations and take appropriate measures to mitigate this risk.

Affected Version(s)

WP Tiles <= 1.1.2

References

https://patchstack.com/database/vulnerability/wp-tiles/wo...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Feb 6, 2023

Credit

Mika (Patchstack Alliance)