CVE-2023-36682: WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
First published: Thu Nov 30 2023(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Brainstormforce WP Schema Pro | <2.7.8 |
Remedy
Update to 2.7.8 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2023-36682.
What is the title of this vulnerability?
The title of this vulnerability is 'WordPress Schema Pro Plugin <= 2.7.7 is vulnerable to Cross-Site Request Forgery (CSRF)'.
What is Cross-Site Request Forgery (CSRF)?
Cross-Site Request Forgery (CSRF) is a type of attack that forces an authenticated user to perform unwanted actions on a web application in which they are authenticated.
How can the vulnerability be exploited?
The vulnerability can be exploited by an attacker tricking an authenticated user of the affected plugin into performing malicious actions on their behalf.
How can I fix this vulnerability?
To fix this vulnerability, update the Schema Pro plugin to version 2.7.8 or later.
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/author
- agent/title
- agent/remedy
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/brainstormforce
- canonical/brainstormforce wp schema pro