CVE-2023-1623

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
24/04/2023
Last modified:
04/02/2025

Description

The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:webdevstudios:custom_post_type_ui:*:*:*:*:*:wordpress:*:* 1.13.5 (excluding)