CVE-2023-1089

MEDIUM

Coupon Zen WordPress Plugin < 1.0.6 - Cross-Site Request Forgery via Plugin Activation

Title source: llm
STIX 2.1

Description

The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/9787e26f-33fe-4c65-abb3-7f5c76ae8d6f

Scores

CVSS v3 4.3
EPSS 0.0027
EPSS Percentile 18.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
hasthemes/coupon_zen < 1.0.6
Published Mar 27, 2023
Tracked Since Feb 18, 2026