CVE-2023-46189 – WordPress Google Calendar Events Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-46189

18 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Simple Calendar de Google Calendar en versiones <= 3.2.5. The Google Calendar Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.5. This is due to missing nonce validation on the 'bulk_actions' function. This makes it possible for unauthenticated attackers to perform b... • https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •