What is CVE-2023-6968?

CVE-2023-6968 is a high-severity vulnerability in Lvaudore The Moneytizer, classified under Improper Access Control. CVSS score: 8.1/10. Published 2024-06-06.

How severe is CVE-2023-6968?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Lvaudore The Moneytizer

CVE-2023-6968

The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for un…

EPSS: 0.002 (36.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Lvaudore The Moneytizer — versions 0

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

www.wordfence.com/threat-intel/vulnerabilities/id/14351561-bd31-4aaa-931a-e7291…
wordpress.org/plugins/the-moneytizer/
plugins.trac.wordpress.org/changeset/3099347/the-moneytizer/trunk/core/core_aja…

Frequently asked questions

What is CVE-2023-6968?: CVE-2023-6968 is a high-severity vulnerability in Lvaudore The Moneytizer, classified under Improper Access Control. CVSS score: 8.1/10. Published 2024-06-06.
How severe is CVE-2023-6968?: High severity. CVSS v3 base score is 8.1 out of 10.