CVE-2023-5884
Word Balloon < 4.20.3 - Avatar Removal via CSRF
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
04 dez 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
Produtos afetados
Unknown · Word Balloon