CVE-2023-5884

Summary

The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.

Affected Software

VendorProductVersion RangeStatus
UnknownWord Balloon0 < 4.20.3affected

Weaknesses

  • CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References