Security Advisory

CVE-2023-1623

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-24 18:31:01

Last updated 2025-02-04 16:11:33

Assigner WPScan

State PUBLISHED

Description

The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.

← Browse all CVEs View on cve.org ↗