Vulnerability CVE-2023-2271


Published: 2023-08-16

Description:
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

 References:
https://wpscan.com/vulnerability/31512f33-c310-4b36-b665-19293097cc8b

Copyright 2026, cxsecurity.com

 

Back to Top