CSRF Vulnerability in TS Webfonts for SAKURA by WordPress
CVE-2023-32625

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Ts Webfonts For Sakura
Vendor: CVE Published:; 21 July 2023

What is CVE-2023-32625?

A CSRF vulnerability in TS Webfonts for SAKURA allows remote attackers to exploit the lack of proper authentication mechanisms. By tricking an authenticated user into viewing a malicious page, an attacker can hijack the user's session and alter critical settings within the application. This risk emphasizes the need for implementing robust security measures to prevent unauthorized actions on behalf of users.

Affected Version(s)

TS Webfonts for SAKURA 3.1.2 and earlier

References

https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#...

https://jvn.jp/en/jp/JVN90560760/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2023
Vulnerability Reserved
May 11, 2023