Wiz
Vulnerability DatabaseCVE-2023-51673

CVE-2023-51673
WordPress vulnerability analysis and mitigation

Overview

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu affecting versions through 7.0.17. The vulnerability was disclosed on December 27, 2023, and was assigned CVE-2023-51673 (Patchstack).

Technical details

The vulnerability is classified as a broken access control issue with a CVSS v3.1 base score of 5.4 (Medium) according to Patchstack, while the NVD assessment indicates a CVSS score of 9.8 (Critical). The vulnerability stems from missing authorization, authentication, or nonce token checks in certain functions, potentially allowing unprivileged users to execute higher privileged actions (Patchstack).

Impact

The vulnerability could allow unprivileged users to perform actions that should be restricted to users with higher privileges. However, according to the security assessment, this security issue has a low severity impact and is unlikely to be exploited (Patchstack).

Mitigation and workarounds

The vulnerability has been patched in version 7.0.18 of the plugin. Users are recommended to update to version 7.0.18 or later to remove the vulnerability (Patchstack).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo