CVE-2023-4628

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 12, 2024
CWE ID 200

Summary

CVE-2023-4628 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the LadiApp plugin for WordPress. This issue arises from the lack of a nonce check on the ladiflow_save_hook() function, available up to and including version 4.4. Consequently, unauthenticated attackers can exploit this flaw by crafting deceitful links that, when clicked by a site administrator, enable the attacker to modify the 'ladiflow_hook_configs' option unauthorisedly. This could potentially lead to significant site configuration changes or other malicious activities. Users are strongly advised to update to the latest plugin version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache Airflow

Affected Vendors

  • Apache Software Foundation