CVE-2023-1623

Name of the Vulnerable Software and Affected Versions Custom Post Type UI WordPress plugin versions prior to 1.13.5

Description The issue arises from the plugin's failure to properly check for CSRF when sending debug information to a user-supplied email. This could allow attackers to make a logged-in admin send such information to an arbitrary email address via a CSRF attack.

Recommendations For versions prior to 1.13.5, update to version 1.13.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the debug information feature to minimize the risk of exploitation.