CVE-2023-45267 – WordPress IRivYou Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-45267

06 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Zizou1988 IRivYou en versiones <= 2.2.1. The IRivYou plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the saveOptionsReviewsPlugin function. This makes it possible for unauthenticated attackers to update the plugin's options via a ... • https://patchstack.com/database/vulnerability/wooreviews-importer/wordpress-irivyou-add-reviews-from-aliexpress-and-amazon-to-woocommerce-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •