CVE-2023-6501

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
12/02/2024
Last modified:
28/10/2024

Description

The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cochinoman:splashscreen:*:*:*:*:*:wordpress:*:* 0.20 (including)