PT-2024-15205 · WordPress · The Voting Record Wordpress Plugin

Daniel Ruf

Published

2024-01-16

Updated

2024-01-19

CVE-2023-7083

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Voting Record WordPress plugin versions 2.0 and earlier

Description The issue is related to the lack of CSRF check in some places, as well as missing sanitisation and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations For The Voting Record WordPress plugin versions 2.0 and earlier, consider updating to a version that includes the necessary CSRF checks and input sanitisation to prevent Stored XSS attacks. As a temporary workaround, restrict access to sensitive areas of the plugin to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-7083

Affected Products

The Voting Record Wordpress Plugin

PT-2024-15205 · WordPress · The Voting Record Wordpress Plugin

CVE-2023-7083

Weakness Enumeration

Related Identifiers

Affected Products

References · 6