CVE-2023-28495 – WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-28495

16 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento MyThemeShop WP Shortcode by MyThemeShop en versiones <= 1.4.16. The WP Shortcode by MyThemeShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.16. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticat... • https://patchstack.com/database/vulnerability/wp-shortcode/wordpress-wp-shortcode-by-mythemeshop-plugin-1-4-16-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •