WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-34371

8.8HIGH

Key Information:

Vendor: WordPress
Status: Spamreferrerblock
Vendor: CVE Published:; 9 November 2023

Summary

The SpamReferrerBlock plugin, developed by Didier Sampaolo, has a Cross-Site Request Forgery (CSRF) vulnerability in versions up to 2.22. This flaw allows attackers to manipulate users' interactions with the web application, potentially leading to unauthorized actions on behalf of the user without their consent. Website administrators using the affected versions should prioritize updating their plugin to safeguard their platforms from potential exploits.

Affected Version(s)

SpamReferrerBlock <= 2.22

References

https://patchstack.com/database/vulnerability/spamreferre...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2023
Vulnerability Reserved
Jun 2, 2023

Credit

LEE SE HYOUNG (Patchstack Alliance)