WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-26516

8.8HIGH

Key Information:

Vendor: WordPress
Status: Debug Assistant
Vendor: CVE Published:; 13 November 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WPIndeed Debug Assistant plugin for WordPress, affecting versions up to 1.4. This flaw could allow an attacker to trick a logged-in user into executing unwanted actions on their behalf, leading to potential unauthorized changes or data exposure. Site administrators should ensure they are using the latest version of this plugin to mitigate the risk associated with this vulnerability.

Affected Version(s)

Debug Assistant <= 1.4

References

https://patchstack.com/database/vulnerability/debug-assis...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
Feb 24, 2023

Credit

Prasanna V Balaji (Patchstack Alliance)