CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37990 – WordPress Perelink Pro Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37990
24 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Mike Perelink Pro en versiones <= 2.1.4. The Perelink Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the adminPage() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a fo... • https://patchstack.com/database/vulnerability/perelink/wordpress-perelink-pro-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •