Vulnerabilities > CVE-2023-0761 - Unspecified vulnerability in Infigosoftware Clock in Portal- Staff & Attendance Management

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

infigosoftware

NVD

Published: 2023-05-15

Updated: 2024-11-21

Summary

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack

Vulnerable Configurations

Part	Description	Count
Application	Infigosoftware Infigosoftware Clock IN Portal Staff & Attendance Management *	1

References

https://wpscan.com/vulnerability/88fb064e-0001-446c-8e43-9fe3feff6c1f
https://wpscan.com/vulnerability/88fb064e-0001-446c-8e43-9fe3feff6c1f