Cross-Site Request Forgery Vulnerability in GiveWP Plugin for WordPress
CVE-2023-4247
5.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 11 January 2024
What is CVE-2023-4247?
The GiveWP plugin for WordPress has a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the give_sendwp_disconnect function. This flaw allows unauthenticated attackers to disable the SendWP plugin by tricking site administrators into executing unauthorized actions, such as clicking on a malicious link. Users should be cautious and ensure their plugins are updated to protect against potential exploitation.
Affected Version(s)
GiveWP – Donation Plugin and Fundraising Platform * <= 2.33.3