WordPress Complianz and Complianz Premium plugins - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)
CVE-2023-33333

7.1HIGH

Key Information:

Vendor: WordPress
Status: Complianz; Complianz Premium
Vendor: CVE Published:; 30 November 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Complianz and Complianz Premium plugins by Really Simple Plugins. This flaw allows attackers to exploit the CSRF issue, leading to potential Cross-Site Scripting (XSS) attacks. Affected users running versions of Complianz up to 6.4.4 and Complianz Premium up to 6.4.6.1 may face security risks if appropriate measures are not taken. Users are advised to update their plugins to the latest versions as a precautionary step.

Affected Version(s)

Complianz <= 6.4.4

Complianz Premium <= 6.4.6.1

References

https://patchstack.com/database/vulnerability/complianz-g...

vdb-entry

https://patchstack.com/database/vulnerability/complianz-g...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
May 22, 2023

Credit

Rafie Muhammad (Patchstack)