题目: - WordPress Simple Testimonials Showcase Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) 风险: - CVSS 4.3 - Cross Site Request Forgery (CSRF) - This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. 解决方案: - This security issue has a low severity impact and is unlikely to be exploited. - Remove and replace software. - This software was last updated over a year ago and will likely not receive further updates or fixes. Note that deactivating the software does not remove the security threat unless a vPatch is deployed. 详细信息: - Software: Simple Testimonials Showcase - Type: Plugin - Vulnerable versions: <= 1.1.6 - Fixed in: N/A 时间轴: - Reported by Nguyen Xuan Chien: 19 Jul 2023 - Early warning sent out to Patchstack customers: 23 Nov 2023 - Published by Patchstack: 25 Nov 2023