The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. This makes it possible for unauthenticated attackers to update or reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-08-31T05:33:13.592Z
Updated: 2024-09-27T19:09:47.254Z
Reserved: 2023-04-27T15:54:41.964Z
Link: CVE-2023-2352
Vulnrichment
Updated: 2024-08-02T06:19:14.678Z
NVD
Status : Modified
Published: 2023-08-31T06:15:09.313
Modified: 2024-11-21T07:58:26.520
Link: CVE-2023-2352
Redhat
No data.