CVE-2023-48755 – WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-48755

27 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Michael Winkler TeachPress. Este problema afecta a TeachPress: desde n/a hasta 9.0.4. The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.4. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •