The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-08-30T14:22:05.165Z

Updated: 2024-08-02T07:17:12.079Z

Reserved: 2023-08-07T13:52:09.610Z

Link: CVE-2023-4209

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-30T15:15:10.047

Modified: 2024-11-21T08:34:37.763

Link: CVE-2023-4209

cve-icon Redhat

No data.