WordPress WP Knowledgebase Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-5802

4.3 MEDIUM

What is CVE-2023-5802?

The WP Knowledgebase plugin by Mihai Iova suffers from a Cross-Site Request Forgery (CSRF) vulnerability, which allows attackers to perform actions on behalf of authenticated users. Exploitation can lead to unauthorized changes or actions being executed on the site, potentially compromising user accounts and sensitive data. Versions 1.3.4 and earlier of the plugin are affected, so website administrators should apply security updates and adopt best practices to mitigate the risk of such vulnerabilities.

Affected Version(s)

WordPress Knowledge base & Documentation Plugin – WP Knowledgebase <= 1.3.4

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Xuan Chien (Patchstack Alliance)