CVE-2023-41694 – WordPress Realbig Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-41694

04 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Realbig Team Realbig para WordPress en versiones <= 1.0.3. The Realbig plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing nonce validation on the tokenSync() function. This makes it possible for unauthenticated attackers to modify plugin settings an... • https://patchstack.com/database/vulnerability/realbig-media/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •