Medium severity6.5NVD Advisory· Published Dec 4, 2023· Updated Jun 17, 2026
CVE-2023-5884
CVE-2023-5884
Description
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Word Balloondescription
- Range: <4.20.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/f4a7937c-6f4b-49dd-b88a-67ebe718ad19nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.