WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25708
8.8HIGH
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 15 March 2023
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Rextheme WP VR – 360 Panorama and Virtual Tour Builder plugin, affecting all versions up to 8.2.7. This weakness allows attackers to send unauthorized commands on behalf of users without their consent, potentially compromising user data and site integrity. Users are encouraged to take immediate action by updating the plugin to safeguard their WordPress installations.
Affected Version(s)
WP VR – 360 Panorama and Virtual Tour Builder For WordPress <= 8.2.7
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)