CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6196 – Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6196
17 Nov 2023 — The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Audio Merchant para WordPress es vulnerable a la Cross-Site R... • https://plugins.trac.wordpress.org/browser/audio-merchant/trunk/audio-merchant.php#L1298 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6197 – Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6197
17 Nov 2023 — The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Audio Merchant para WordPress es... • https://plugins.trac.wordpress.org/browser/audio-merchant/trunk/audio-merchant.php#L951 • CWE-352: Cross-Site Request Forgery (CSRF) •