CVE-2023-6197

Name of the Vulnerable Software and Affected Versions The Audio Merchant plugin for WordPress versions up to, and including, 5.0.4

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the audio merchant save settings function. This allows unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing a specific action.

Recommendations For versions up to, and including, 5.0.4, update to a version that includes the fix for the missing or incorrect nonce validation in the audio merchant save settings function. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.