WordPress Seraphinite Post .DOCX Source Plugin <= 2.16.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-48279

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Seraphinite Post .docx Source
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-48279?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Seraphinite Solutions' Seraphinite Post .DOCX Source plugin, allowing an attacker to perform unauthorized actions on behalf of an authenticated user. This vulnerability impacts versions up to 2.16.6, potentially enabling malicious parties to exploit the trust that a web application has in a user's browser.

Affected Version(s)

Seraphinite Post .DOCX Source <= 2.16.6

References

https://patchstack.com/database/vulnerability/seraphinite...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 13, 2023

Credit

Skalucy (Patchstack Alliance)