CVE-2023-6845

HIGH

CommentTweets < 0.6 - Cross-Site Request Forgery

Title source: llm

Description

The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

References (2)

Core 2

Core References

Broken Link

https://magos-securitas.com/txt/2023-6845

Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/cbdaf158-f277-4be4-b022-68d18dae4c55

Scores

CVSS v3 8.8

EPSS 0.0032

EPSS Percentile 23.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-352

Status published

Products (1)

theresehansen/commenttweets < 0.6

Published Jan 08, 2024

Tracked Since Feb 18, 2026