WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-36682

8.8HIGH

Key Information:

Vendor: WordPress
Status: Schema Pro
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-36682?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Schema Pro, developed by Brainstorm Force US LLC. This flaw allows unauthorized actions to be performed on behalf of authenticated users without their consent or knowledge, potentially compromising sensitive information or leading to data manipulation. The issue affects versions of Schema Pro from n/a to 2.7.7, emphasizing the need for users to implement appropriate security measures to protect their websites.

Affected Version(s)

Schema Pro <= 2.7.7

References

https://patchstack.com/database/vulnerability/wp-schema-p...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Jun 26, 2023

Credit

Rafie Muhammad (Patchstack)