WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-5823
8.8 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 6 November 2023
What is CVE-2023-5823?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the ThemeKraft TK Google Fonts GDPR Compliant plugin, affecting versions up to 2.2.11. This flaw allows an attacker to trick a user into executing unwanted actions on a web application in which they are authenticated, potentially leading to unauthorized changes or data exposure. It is crucial for users and site administrators to apply security measures to mitigate this vulnerability and protect their WordPress sites.
Affected Version(s)
TK Google Fonts GDPR Compliant <= 2.2.11