CVE-2023-2334

Published: May 15, 2025Modified: Jun 11, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Affected (2)

Products: Westerndeal: Easy Digital Downloads Google Sheet Connector · Gsheetconnector: Edd Gsheetconnector

1 product

Easy Digital Downloads Google Sheet Connector

Gsheetconnector

1 product

Edd Gsheetconnector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Westerndeal Easy Digital Downloads Google Sheet Connector	Before 1.6.6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Gsheetconnector Edd Gsheetconnector	Before 1.4

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://wpscan.com/vulnerability/95562684-2bb1-46f0-838c-8501db6b43ed/

Source: contact@wpscan.com

Third Party Advisory

Timeline

No history available yet.