CVE-2023-6946

8.8 HIGH

📋 TL;DR

This vulnerability in the Autotitle for WordPress plugin allows attackers to trick logged-in administrators into changing plugin settings without their knowledge via Cross-Site Request Forgery (CSRF). Attackers can craft malicious requests that appear legitimate, potentially modifying critical configuration. WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • Autotitle for WordPress plugin
Versions: 1.0.3 and earlier
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled. Attack requires administrator to be logged in and tricked into visiting a malicious page.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify plugin settings to inject malicious code, redirect users to phishing sites, or disable security features, potentially leading to site compromise or data theft.

🟠

Likely Case

Attackers would change plugin settings to inject unwanted content, modify site behavior, or degrade functionality, requiring admin intervention to restore proper configuration.

🟢

If Mitigated

With proper CSRF protections in place, only authenticated administrators making intentional requests can modify settings, preventing unauthorized changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No (the attacker needs no account of their own, but the forged request only succeeds if it is submitted from a browser holding a logged-in administrator session)
Complexity: LOW

Exploitation requires social engineering to trick an administrator into clicking a malicious link while logged in. CSRF attacks are well-understood and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4 or later

Vendor Advisory: https://wordpress.org/plugins/autotitle/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Autotitle' plugin.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and replace the plugin files.

🔧 Temporary Workarounds

Disable plugin temporarily

all

Deactivate the vulnerable plugin until patched

wp plugin deactivate autotitle

Reject cross-site POSTs to wp-admin at the web server or reverse proxy

linux

A web server cannot add WordPress nonces to the plugin's forms, but it can refuse state-changing requests that come from another site: for POST requests under /wp-admin/, require that the Origin header (or, when Origin is absent, the Referer header) names your own host. Test the rule with a real administrator session before enforcing it, because a browser or privacy extension that strips both headers will be blocked as well.

# Requires web server configuration (e.g., Apache .htaccess or Nginx config)

🧯 If You Can't Patch

  • Restrict admin access to trusted networks only. This helps only while administrators are off the trusted network: the forged request is sent by the administrator's own browser, so it passes any source-IP filter the administrator passes.
  • Set SameSite=Lax or SameSite=Strict on the WordPress authentication cookies so the browser does not attach them to a cross-site POST. Content Security Policy on your own site does not stop an attacker's page from posting a form to it, so CSP is not a CSRF control here.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Autotitle version. If version is 1.0.3 or earlier, you are vulnerable.

Check Version:

wp plugin get autotitle --field=version

Verify Fix Applied:

After updating, verify plugin version shows 1.0.4 or later in WordPress admin panel.
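The version check above is easy to do by hand on one site and tedious across many. The script below is an added example for this page, not code from the plugin or from WordPress: it runs the same WP-CLI query for each site path you pass and compares the result against the 1.0.4 fix version with proper numeric comparison. It assumes WP-CLI is on PATH and that `wp plugin get autotitle --field=version --path=<site>` prints a bare version string and fails when the plugin is not installed.

```python
"""Audit one or more WordPress installs for an Autotitle version in the CVE-2023-6946
affected range (1.0.3 and earlier; fixed in 1.0.4 per this page).

Added example, not code from the plugin or from WordPress. Assumes WP-CLI is on PATH and
that `wp plugin get autotitle --field=version --path=<site>` prints a bare version string
such as "1.0.3" (and exits non-zero when the plugin is not installed).
"""
import re
import subprocess
from typing import Dict, Optional, Sequence, Tuple

PLUGIN_SLUG = "autotitle"
FIXED_VERSION = "1.0.4"   # first version the page lists as patched


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.0.3' -> (1, 0, 3). Trailing non-numeric suffixes ('1.0.4-beta') are dropped,
    so a pre-release of the fixed version compares as fixed; tighten this if it matters."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fix. Tuple comparison gets
    '1.0.10' > '1.0.4' and '1.0' < '1.0.4' right, unlike plain string comparison."""
    return parse_version(version) < parse_version(fixed)


def installed_version(site_path: str) -> Optional[str]:
    """Ask WP-CLI for the plugin version; None when the plugin is absent or WP-CLI fails."""
    cmd = ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version", f"--path={site_path}"]
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, check=False)
    except FileNotFoundError:          # wp binary not installed on this host
        return None
    if result.returncode != 0:
        return None
    return result.stdout.strip() or None


def audit_sites(site_paths: Sequence[str]) -> Dict[str, str]:
    """Map each site path to 'vulnerable', 'patched', or 'not-installed'."""
    report = {}
    for path in site_paths:
        version = installed_version(path)
        if version is None:
            report[path] = "not-installed"
        else:
            report[path] = "vulnerable" if is_vulnerable(version) else "patched"
    return report


if __name__ == "__main__":
    import sys
    for path, status in audit_sites(sys.argv[1:] or ["/var/www/html"]).items():
        print(f"{path}: {status}")
```

Run it as `python3 audit_autotitle.py /var/www/site-a /var/www/site-b`; a site reported as `patched` should also be checked for the plugin being active, since an inactive plugin is not exposed in the first place.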

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin.php?page=autotitle whose Referer is absent or names a host other than your own site
  • After patching, repeated 403 responses to POSTs on that page: WordPress answers a failed nonce check with its "The link you followed has expired" page and does not log the failure itself, so the signal has to come from web server logs or a security plugin

Network Indicators:

  • HTTP requests to plugin admin endpoints without proper referrer headers or CSRF tokens

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin.php" AND query_string="page=autotitle") AND http_method="POST" AND NOT referrer CONTAINS "your-domain.com"

Pseudo-syntax (Splunk-like); map uri_path, query_string, http_method and referrer to the field names your log source actually produces. The NOT clause also matches requests that carry no Referer at all, which is intended, though that case is a weaker signal because privacy settings strip Referer too.
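The Origin/Referer rule from the Temporary Workarounds section and the log indicators above are the same check applied at two points: inline by a proxy, or after the fact over access logs. The script below is an added example for this page, not code from the plugin, WordPress, or any SIEM vendor. It assumes the settings page path the indicators name (/wp-admin/admin.php?page=autotitle), the standard Apache/Nginx "combined" log format, and a known canonical host name; the sample log lines are constructed, not real traffic.

```python
"""Referer/Origin screening for POSTs to the Autotitle settings page, plus a scanner that
applies the same rule to web server access logs.

Added example for this page, not code from the plugin, WordPress, or a SIEM vendor.
Assumptions: the settings page is /wp-admin/admin.php?page=autotitle (the path the
indicators above name), logs are in the Apache/Nginx "combined" format, and the site's
canonical host name is known. SAMPLE_LOG below is constructed, not real traffic.
"""
import re
from typing import List, Optional, Sequence, Tuple
from urllib.parse import parse_qs, urlsplit

ADMIN_PATH = "/wp-admin/admin.php"
PLUGIN_PAGE = "autotitle"

# combined format: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

ABSENT = (None, "", "-")   # how proxies and access logs represent a missing header


def source_host(header_value: Optional[str]) -> Optional[str]:
    """Host from an Origin or Referer value; None if absent or opaque ('null')."""
    if header_value in ABSENT or header_value == "null":
        return None
    return (urlsplit(header_value).hostname or "").lower() or None


def request_allowed(origin: Optional[str], referer: Optional[str], site_host: str) -> bool:
    """Fail-closed rule for a reverse proxy or WAF in front of /wp-admin/ (POST only).

    Browsers send Origin on a cross-site POST, so it decides when present; an opaque
    'null' origin (sandboxed frame, data: URL) is rejected. Referer is the fallback for
    clients that omit Origin. Neither header present -> reject.
    """
    if origin not in ABSENT:
        host = source_host(origin)
    else:
        host = source_host(referer)
    return host == site_host.lower()


def targets_plugin_page(target: str) -> bool:
    """True for /wp-admin/admin.php?page=autotitle (extra query parameters allowed)."""
    parts = urlsplit(target)
    return parts.path == ADMIN_PATH and PLUGIN_PAGE in parse_qs(parts.query).get("page", [])


def classify(method: str, target: str, referer: str, site_host: str) -> Optional[str]:
    """Label one logged request: 'foreign-referer' (strong signal), 'no-referer'
    (weaker: privacy settings also strip Referer), or None when benign or out of scope."""
    if method != "POST" or not targets_plugin_page(target):
        return None
    host = source_host(referer)
    if host is None:
        return "no-referer"
    if host != site_host.lower():
        return "foreign-referer"
    return None


def scan(lines: Sequence[str], site_host: str) -> List[Tuple[str, str, str, str]]:
    """Return (ip, timestamp, label, referer) for every suspicious line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # not combined format; skip rather than guess
        label = classify(m["method"], m["target"], m["referer"], site_host)
        if label:
            findings.append((m["ip"], m["ts"], label, m["referer"]))
    return findings


# Constructed sample: the site is shop.example. Line 1 is a forged cross-site POST,
# line 2 a legitimate save, line 3 a page view, line 4 a POST with Referer stripped.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jan/2024:10:15:01 +0000] "POST /wp-admin/admin.php?page=autotitle HTTP/1.1" 302 0 "https://evil.example/csrf.html" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2024:10:16:30 +0000] "POST /wp-admin/admin.php?page=autotitle HTTP/1.1" 302 0 "https://shop.example/wp-admin/admin.php?page=autotitle" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Jan/2024:10:17:02 +0000] "GET /wp-admin/admin.php?page=autotitle HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jan/2024:10:18:44 +0000] "POST /wp-admin/admin.php?page=autotitle HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, label, referer in scan(SAMPLE_LOG, "shop.example"):
        print(f"{ts} {ip} {label} referer={referer}")
```

Access logs rarely record Origin, which is why `scan` works from Referer only and treats its absence as a weaker signal; at a proxy, `request_allowed` prefers Origin because browsers attach it to every cross-site POST regardless of referrer policy.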
