CVE-2023-27453

MEDIUM

LWS Tools <= 2.3.1 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27453. PoCs published by yaudahbanh.

AI-analyzed exploit summary The repository contains detailed descriptions of multiple WordPress plugin vulnerabilities, including XSS and CSRF issues, with mitigation steps and references. No exploit code is present, but technical details and timelines are provided.

Description

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions.

Exploits (1)

github WRITEUP

by yaudahbanh · poc

https://github.com/yaudahbanh/CVE-Archive/tree/main/CVE-2023-27453

View Code ZIP pw:eip

The repository contains detailed descriptions of multiple WordPress plugin vulnerabilities, including XSS and CSRF issues, with mitigation steps and references. No exploit code is present, but technical details and timelines are provided.

Classification

Writeup 90%

Attack Type

Xss | Csrf

Complexity

Moderate

Reliability

Theoretical

Target: WordPress plugins (e.g., EZP Coming Soon Page, WP Booking System, eCommerce Product Catalog)

No auth needed

Prerequisites: Access to vulnerable WordPress plugin versions

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Scores

CVSS v3 5.4

EPSS 0.0030

EPSS Percentile 21.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (2)

LWS/LWS Tools < 2.3.1

lws/lws_tools < 2.3.1

Published Nov 22, 2023

Tracked Since Feb 18, 2026