The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-12-04T21:29:32.963Z

Updated: 2024-08-02T08:14:24.267Z

Reserved: 2023-10-31T14:50:26.479Z

Link: CVE-2023-5884

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-04T22:15:08.020

Modified: 2024-11-21T08:42:42.393

Link: CVE-2023-5884

cve-icon Redhat

No data.