CVE-2023-48754
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-48754 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Delete Post Revisions feature in WordPress versions 4.6 and below. An attacker can exploit this issue by tricking a user into making unintended modifications to their own WordPress posts or pages. The vulnerability arises due to insufficient input validation and authorization checks during the revision deletion process, leaving the system susceptible to CSRF attacks. Successful exploitation could potentially lead to data loss or unauthorized changes for the affected user. It is recommended that WordPress users update to the latest version to mitigate this risk.