WP Knowledgebase <= 1.3.4 – CSRF | CVE 2023-5802

Affects Plugins

No known fix

References

CVE

CVE-2023-5802

URL

https://patchstack.com/database/vulnerability/wp-knowledgebase/wordpress-wp-knowledgebase-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Nguyen Xuan Chien

Verified

No

WPVDB ID

007f21f9-a83d-440a-a792-30cd3739ff1c

Timeline

Publicly Published

2023-10-26 (about 2 years ago)

Added

2023-10-27 (about 2 years ago)

Last Updated

2023-10-27 (about 2 years ago)

Other

Published

Title

Published

2019-06-18

Title

The Official Facebook Chat Plugin < 1.3 - CSRF

Published

2023-03-14

Title

xili-tidy-tags < 1.12.04 - Cross-Site Request Forgery

Published

2024-04-12

Title

WP EasyCart < 5.6.0 - Cross-Site Request Forgery

Published

2024-10-18

Title

SafetyForms <= 1.0.0 - Cross-Site Request Forgery

Published

2021-06-01

Title

MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF