WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-26516

8.8HIGH

Key Information:

Vendor: WordPress
Status: Debug Assistant
Vendor: CVE Published:; 13 November 2023

What is CVE-2023-26516?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WPIndeed Debug Assistant plugin for WordPress, affecting versions up to 1.4. This flaw could allow an attacker to trick a logged-in user into executing unwanted actions on their behalf, leading to potential unauthorized changes or data exposure. Site administrators should ensure they are using the latest version of this plugin to mitigate the risk associated with this vulnerability.

Affected Version(s)

Debug Assistant <= 1.4

References

https://patchstack.com/database/vulnerability/debug-assis...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
Feb 24, 2023

Credit

Prasanna V Balaji (Patchstack Alliance)