WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-45058

4.3MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
12 October 2023

What is CVE-2023-45058?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the KaizenCoders Short URL plugin, affecting all versions up to 1.6.8. This security flaw allows attackers to exploit user interactions, potentially leading to unauthorized actions on behalf of the targeted user. It is essential for users of the affected plugin to update to a secure version and follow best practices in application security to mitigate risks associated with this vulnerability.

Affected Version(s)

Short URL <= 1.6.8

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)
.