Severity
Medium
Analysis Summary
CVE-2023-3977
Multiple plugins for WordPress by Inisev are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the handle_installation function. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-3977
Affected Vendors
WordPress
Affected Products
- Inisev Plugins for WordPress
Remediation
Upgrade to the latest version of Inisev Plugins, available from the WordPress Plugin Directory.