PT-2023-24646 · Really Simple Plugins · Really Simple Plugins Complianz Premium+1
Rafie Muhammad
·
Published
2023-11-30
·
Updated
2023-12-05
·
CVE-2023-34030
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Really Simple Plugins Complianz versions through 6.4.5
Really Simple Plugins Complianz Premium versions through 6.4.7
Description
The issue is a Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz and Really Simple Plugins Complianz Premium, allowing Cross-Site Request Forgery.
Recommendations
For Really Simple Plugins Complianz versions through 6.4.5, update to a version later than 6.4.5 to resolve the issue.
For Really Simple Plugins Complianz Premium versions through 6.4.7, update to a version later than 6.4.7 to resolve the issue.
As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Really Simple Plugins Complianz
Really Simple Plugins Complianz Premium