WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-22290

8.8HIGH

Key Information:

Vendor: WordPress
Status: Custom Dashboard Widgets
Vendor: CVE Published:; 31 January 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Custom Dashboard Widgets developed by AboZain, which could allow an attacker to exploit this weakness to perform unauthorized actions. This vulnerability enables the potential for Cross-Site Scripting (XSS) attacks, posing security risks to users of affected versions. The issue impacts all versions of Custom Dashboard Widgets from an unspecified version up through 1.3.1, exposing sensitive data and compromising the integrity of the application.

Affected Version(s)

Custom Dashboard Widgets <= 1.3.1

References

https://patchstack.com/database/vulnerability/custom-dash...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2024
Vulnerability Reserved
Jan 8, 2024

Credit

Dimas Maulana (Patchstack Alliance)