CVE-2023-4628
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2023-4628 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the LadiApp plugin for WordPress. This issue arises from the lack of a nonce check on the ladiflow_save_hook() function, available up to and including version 4.4. Consequently, unauthenticated attackers can exploit this flaw by crafting deceitful links that, when clicked by a site administrator, enable the attacker to modify the 'ladiflow_hook_configs' option unauthorisedly. This could potentially lead to significant site configuration changes or other malicious activities. Users are strongly advised to update to the latest plugin version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Apache Airflow
Affected Vendors
- Apache Software Foundation