CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34378 – WordPress WP Hide Post Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34378
03 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento scriptburn.Com WP Hide Post en versiones <= 2.0.10. The WP Hide Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.10. This is due to missing or incorrect nonce validation on the save_bulk_edit_data function. This makes it possible for unauthenticated attackers to hide arbitr... • https://patchstack.com/database/vulnerability/wp-hide-post/wordpress-wp-hide-post-plugin-2-0-10-cross-site-request-forgery-csrf-leading-to-post-status-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •