CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41660 – WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41660
01 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WPSynchro WP Synchro en versiones <= 1.9.1. The WP Migration Plugin DB & Files – WP Synchro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing nonce validation on several render() functions. This makes it possible for unauthenticated attackers to modify the plugi... • https://patchstack.com/database/vulnerability/wpsynchro/wordpress-wordpress-migration-plugin-db-files-wp-synchro-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •