CVE-2023-34028 – WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-34028

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. The WOLF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create new profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •