WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-41854

8.8HIGH

Key Information:

Vendor: WordPress
Status: wpCentral
Vendor: CVE Published:; 10 October 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WpCentral plugin developed by Softaculous Ltd., affecting versions up to 1.5.7. This flaw enables attackers to exploit authenticated users by sending malicious requests, potentially compromising sensitive actions performed by the users without their consent. It is crucial for Web administrators using this plugin to implement security measures and apply patches to safeguard their sites from potential attacks.

Affected Version(s)

wpCentral <= 1.5.7

References

https://patchstack.com/database/vulnerability/wp-central/...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Sep 4, 2023

Credit

Rio Darmawan (Patchstack Alliance)