CVE-2023-5884
Word Balloon < 4.20.3 - Avatar Removal via CSRF
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
04 dic 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
Productos afectados
Unknown · Word Balloon