WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-27434

8.8HIGH

Key Information:

Vendor: WordPress
Status: Classic Editor and Classic Widgets
Vendor: CVE Published:; 13 November 2023

What is CVE-2023-27434?

The WPGrim Classic Editor and Classic Widgets plugin versions up to 1.2.5 are susceptible to a Cross-Site Request Forgery (CSRF) attack. This vulnerability could allow unauthorized actions to be performed on behalf of users, potentially leading to unauthorized content changes or misuse of user accounts. Proper measures must be implemented to mitigate the risk associated with such vulnerabilities in web applications.

Affected Version(s)

Classic Editor and Classic Widgets <= 1.2.5

References

https://patchstack.com/database/vulnerability/classic-edi...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
Mar 1, 2023

Credit

Rio Darmawan (Patchstack Alliance)