CVE-2023-4150

Sažetak

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks

Reference

https://wpscan.com/vulnerability/381ef15b-aafe-4ef4-a0bc-867d891f7f44
https://wpscan.com/vulnerability/381ef15b-aafe-4ef4-a0bc-867d891f7f44

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

23-04-2025 - 17:16

Objavljeno

30-08-2023 - 15:15