First published: Mon Nov 20 2023(Updated: )
The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|Affected Software||Affected Version||How to fix|
|Bdaia Woohoo Newspaper Magazine Theme||<=1.4.3|
The vulnerability ID for this WooHoo Newspaper Magazine Theme vulnerability is CVE-2023-4824.
The severity of CVE-2023-4824 is high, with a severity value of 8.8.
An attacker can exploit CVE-2023-4824 by performing a CSRF attack to make a logged-in admin change the theme's settings.
Versions up to and including 2.5.3 of the WooHoo Newspaper Magazine Theme are affected by CVE-2023-4824.
Yes, updating to a version higher than 2.5.3 of the WooHoo Newspaper Magazine Theme will fix CVE-2023-4824.