CVE-2023-23659: WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
First published: Thu Feb 23 2023(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MainWP Motomo | <4.0.5 |
Remedy
Update to 4.0.5 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-23659?
The severity of CVE-2023-23659 is high with a CVSS score of 8.8.
How does CVE-2023-23659 affect MainWP Matomo Extension?
CVE-2023-23659 affects MainWP Matomo Extension versions <= 4.0.4.
What is Cross-Site Request Forgery (CSRF) vulnerability?
Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into submitting a malicious request by leveraging their authenticated session.
How can I fix CVE-2023-23659?
To fix CVE-2023-23659, update MainWP Matomo Extension to version 4.0.5 or higher.
Where can I find more information about CVE-2023-23659?
You can find more information about CVE-2023-23659 at https://patchstack.com/database/vulnerability/mainwp-piwik-extension/wordpress-mainwp-matomo-extension-plugin-4-0-4-csrf-leading-to-plugin-settings-change-vulnerability?_s_id=cve
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/title
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mainwp
- canonical/mainwp motomo