The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-12-04T21:29:32.963Z
Updated: 2024-08-02T08:14:24.267Z
Reserved: 2023-10-31T14:50:26.479Z
Link: CVE-2023-5884
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-04T22:15:08.020
Modified: 2024-11-21T08:42:42.393
Link: CVE-2023-5884
Redhat
No data.