High severity8.8NVD Advisory· Published Jan 29, 2024· Updated Jun 17, 2026
CVE-2023-6391
CVE-2023-6391
Description
The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Custom User CSS WordPress plugindescription
- Range: <=0.2
Patches
Vulnerability mechanics
References
2- magos-securitas.com/txt/CVE-2023-6391.txtnvdExploit
- wpscan.com/vulnerability/4098b18d-6ff3-462c-af05-48adb6599cf3/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.