WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-31078

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Browserupdate
Vendor: CVE Published:; 10 November 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP BrowserUpdate plugin developed by Marco Steinbrecher, affecting versions up to 4.4.1. This flaw can allow unauthorized actions to be performed on behalf of authenticated users, potentially compromising the security of websites utilizing this plugin. Website administrators are advised to update to the latest version to mitigate this vulnerability and protect their assets.

Affected Version(s)

WP BrowserUpdate <= 4.4.1

References

https://patchstack.com/database/vulnerability/wp-browser-...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

qilin_99 (Patchstack Alliance)