CVE-2023-51683
WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.
Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Scott Paterson Easy PayPal & Stripe Buy Now Button. Este problema afecta al botón Comprar ahora de Easy PayPal y Stripe: desde n/a hasta 1.8.1.
The Easy PayPal Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-12-21 CVE Reserved
- 2023-12-27 CVE Published
- 2024-02-29 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wp Ecommerce Paypal Search vendor "Wp Ecommerce Paypal" | Wp Ecommerce Paypal Search vendor "Wp Ecommerce Paypal" for product "Wp Ecommerce Paypal" | >= 0.0.0 <= 1.8.1 Search vendor "Wp Ecommerce Paypal" for product "Wp Ecommerce Paypal" and version " >= 0.0.0 <= 1.8.1" | en |
Affected
| ||||||