WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-26011

8.8HIGH

Key Information:

Vendor: WordPress
Status: Read More Excerpt Link
Vendor: CVE Published:; 23 May 2023

What is CVE-2023-26011?

A Cross-Site Request Forgery (CSRF) vulnerability exists in versions of the Tim Eckel Read More Excerpt Link plugin up to 1.6. This flaw could allow an attacker to trick users into executing unintended actions on behalf of an authenticated user, potentially compromising user accounts and enabling unauthorized data changes. Admins should ensure that upgraded versions are applied to mitigate associated risks.

Affected Version(s)

References

https://patchstack.com/database/vulnerability/read-more-e...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Feb 17, 2023

Credit

Mika (Patchstack Alliance)