CVE-2023-6390
Description
The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CWE
- (none)
Affected
- Unknown / WordPress Users — v=0 ≤1.4 [affected]
CVSS
- (none)
References
- https://wpscan.com/vulnerability/a0ca68d3-f885-46c9-9f6b-b77ad387d25d/ exploit, vdb-entry, technical-description
- https://magos-securitas.com/txt/2023-6390.txt
Source
cvelistV5-main/cves/2023/6xxx/CVE-2023-6390.json