CVE-2023-2495

Name of the Vulnerable Software and Affected Versions Greeklish-permalink WordPress plugin versions prior to 3.4

Description The issue concerns the lack of proper authorization and nonce checks in the cyrtrans ajax old AJAX action. This allows unauthorized and low-privilege users to change Post slugs, either directly or through Cross-Site Request Forgery (CSRF).

Recommendations For Greeklish-permalink WordPress plugin versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider disabling the cyrtrans ajax old AJAX action until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's features that rely on the vulnerable AJAX action until the issue is resolved.