WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-28696

8.8HIGH

Key Information:

Vendor: WordPress
Status: I Recommend This
Vendor: CVE Published:; 12 November 2023

What is CVE-2023-28696?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the I Recommend This plugin developed by Themeist. This security flaw allows attackers to potentially exploit the plugin by tricking users into executing unwanted actions without their consent. The vulnerability affects versions of the plugin up to 3.9.0, making it crucial for users to evaluate and implement security measures to safeguard against potential exploits.

Affected Version(s)

I Recommend This <= 3.9.0

References

https://patchstack.com/database/vulnerability/i-recommend...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2023
Vulnerability Reserved
Mar 21, 2023

Credit

thiennv (Patchstack Alliance)