CVE-2023-1867 Report - Details, Severity, & Advisories

Twingate Team

Jul 12, 2024

What is CVE-2023-1867?

A medium-severity vulnerability, CVE-2023-1867, has been identified in the YourChannel plugin for WordPress, affecting versions up to and including 1.2.3. This vulnerability is due to missing or incorrect nonce validation on the save function, making it susceptible to Cross-Site Request Forgery attacks. Unauthenticated attackers can potentially change the plugin's settings by tricking a site administrator into performing an action, such as clicking on a link. Websites using the affected YourChannel plugin versions are at risk.
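As an added illustration (not the YourChannel plugin's code), the sketch below shows the general shape of a WordPress settings save handler with and without the nonce check described above. The plugin name `example_plugin`, its option key and its field names are hypothetical.

```php
<?php
// Added illustration: "example_plugin" and all its names are hypothetical.

// Settings form: wp_nonce_field() embeds a nonce bound to this action and
// to the logged-in user's session as a hidden input.
function example_plugin_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_plugin_save">
        <?php wp_nonce_field( 'example_plugin_save', 'example_plugin_nonce' ); ?>
        <input type="text" name="api_key"
               value="<?php echo esc_attr( get_option( 'example_plugin_api_key', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// WEAK form (not registered): checks only the capability. The admin's browser
// sends the session cookie on any request to the site, so this check passes
// even when the request was triggered from a page the admin did not intend.
function example_plugin_save_weak() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'example_plugin_api_key', $key );
}

// HARDENED form: same capability check, plus nonce validation before any
// state change.
function example_plugin_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops the request with a 403 unless $_POST['example_plugin_nonce']
    // is a valid, unexpired nonce for this action and this user.
    check_admin_referer( 'example_plugin_save', 'example_plugin_nonce' );

    $key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'example_plugin_api_key', $key );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-plugin&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_plugin_save', 'example_plugin_save' );
```

When reviewing a plugin, confirm that every handler that writes options or other state performs both checks, and that the nonce action string in the handler matches the one used when the form was rendered.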

Who is impacted by this?

The vulnerability affects users of the YourChannel plugin for WordPress, specifically those using versions up to and including 1.2.3. Websites using these versions are at risk due to the susceptibility to Cross-Site Request Forgery attacks.

What to do if CVE-2023-1867 affected you

If you're affected by the CVE-2023-1867 vulnerability, it's crucial to take action to secure your WordPress site. Follow these simple steps to mitigate the risk:

  1. Update the YourChannel plugin to version 1.2.5 or a newer patched version.

  2. Regularly check for updates and apply them as soon as possible.

  3. Be cautious when clicking on links from unknown sources to avoid falling victim to CSRF attacks.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1867 vulnerability in the YourChannel plugin for WordPress is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

This vulnerability is classified as CWE-352, Cross-Site Request Forgery, in the YourChannel plugin for WordPress.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page and the sources listed below.
