CVE-2023-1089: Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Coupon Zen | <1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-1089?
CVE-2023-1089 is a vulnerability in the Coupon Zen WordPress plugin before 1.0.6 that allows attackers to activate arbitrary plugins on a blog via a CSRF attack.
How does CVE-2023-1089 work?
CVE-2023-1089 occurs because the Coupon Zen plugin does not have a CSRF check when activating plugins, allowing attackers to make logged in admins activate arbitrary plugins.
What is the severity of CVE-2023-1089?
The severity of CVE-2023-1089 is medium with a CVSS score of 4.3.
What software versions are affected by CVE-2023-1089?
The Coupon Zen WordPress plugin versions up to and excluding 1.0.6 are affected by CVE-2023-1089.
How can I fix CVE-2023-1089?
To fix CVE-2023-1089, upgrade to the latest version of the Coupon Zen WordPress plugin (1.0.6 or later).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hasthemes
- canonical/hasthemes coupon zen