GamiPress CSRF Vulnerability Affects Versions 2.5.6
CVE-2023-25697
6.3MEDIUM
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the GamiPress plugin, potentially allowing attackers to perform unauthorized settings changes on affected WordPress sites. This vulnerability poses a risk to website administrators and users, as it can lead to compromised site integrity and security. The issue affects all versions of GamiPress up to and including version 2.5.6, emphasizing the importance of updating and securing user environments against such vulnerabilities.
Affected Version(s)
GamiPress <= 2.5.6
References
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dave Jong (Patchstack)