CVE-2023-5756

MEDIUM

Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX Action Handler

Title source: llm

Description

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

References (3)

Core 3

Core References

https://plugins.trac.wordpress.org/changeset/3010075

Product

https://plugins.trac.wordpress.org/browser/digital-publications-by-supsystic/trunk/classes/frame.php#L144

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7?source=cve

Scores

CVSS v3 5.4

EPSS 0.0027

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Details

CWE

CWE-352

Status published

Products (2)

supsystic/digital_publications_by_supsystic < 1.7.6

supsysticcom/WordPress Flipbook by Supsystic < 1.7.6

Published Dec 09, 2023

Tracked Since Feb 18, 2026