CVE-2023-3977

Name of the Vulnerable Software and Affected Versions Inisev WordPress plugins (affected versions not specified)

Description The issue allows unauthenticated attackers to install plugins from a limited list via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a missing nonce check on the handle installation function that is called via the inisev installation AJAX action in various versions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.