Back to search
CVE-2023-1623
Published: Apr 24, 2023
Modified: Feb 4, 2025
PUBLISHED
Description
The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Custom Post Type UI | affected 0 - < 1.13.5 |
References
https://wpscan.com/vulnerability/a04d3808-f4fc-4d77-a1bd-be623cd7053e
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now