CVE-2023-1086: Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Preview Link Generator | <1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the Preview Link Generator WordPress plugin?
The vulnerability ID of the Preview Link Generator WordPress plugin is CVE-2023-1086.
What is the severity rating of CVE-2023-1086?
CVE-2023-1086 has a severity rating of 4.3 (medium).
How can an attacker exploit CVE-2023-1086?
An attacker can exploit CVE-2023-1086 by performing a CSRF attack to make logged-in admins activate arbitrary plugins.
What software versions are affected by CVE-2023-1086?
The Preview Link Generator WordPress plugin versions up to 1.0.4 are affected by CVE-2023-1086.
Is there a fix available for CVE-2023-1086?
Yes, upgrading to version 1.0.4 of the Preview Link Generator WordPress plugin fixes CVE-2023-1086.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hasthemes
- canonical/hasthemes preview link generator