Reviews and Rating – Google My Business by Design Extreme

Reviews and Rating – Google My Business by Design Extreme <= 4.14 - Subscriber+ Plugin Settings Update

LANACOMMONVDB ID: 836f6466-21e1-4251-aa94-f78d6bb3aa8b

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when updating a plugin settings, which could allow any authenticated users, such as subscriber to update plugin settings.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/g-business-reviews-rating/

CVE: CVE-2023-23986

Attributes

Catgory: WordPress Plugin

Discovered: 2023-01-06

Published: 2023-01-20

Affected Version: <= 4.14

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).