WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-27633

4.3 MEDIUM

Key Information:

Vendor

WordPress

CVE Published:
22 November 2023

What is CVE-2023-27633?

The Pixelgrade Customify plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in versions 2.10.4 and earlier. The flaw lets an attacker trick an authenticated user into unknowingly submitting requests that perform unwanted actions under that user's session, potentially leading to unauthorized changes and exposure of sensitive data. Users of this plugin should check their installed version and apply the necessary updates to mitigate the risk.

Affected Version(s)

Customify – Intuitive Website Styling <= 2.10.4

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)