CVE-2023-6529

Name of the Vulnerable Software and Affected Versions WP VR WordPress plugin versions prior to 8.3.15

Description The issue concerns a lack of authorization and CSRF protection in a function hooked to admin init, allowing unauthenticated users to downgrade the plugin. This can lead to Reflected or Stored XSS, as previous versions of the plugin have such vulnerabilities.

Recommendations For versions prior to 8.3.15, update to version 8.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin init function to prevent unauthenticated downgrades.