CVE-2023-0495

🗓️ 27 Mar 2023 15:37:24Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 66 Views🌐 WEB

The HT Slider For Elementor WordPress plugin before 1.4.0 lacks CSRF check during plugin activation, enabling attackers to execute arbitrary plugin activation via CSRF attack

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-0495	27 Mar 202320:50	–	circl
CNNVD	WordPress plugin HT Slider For Elementor 跨站请求伪造漏洞	27 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-0495 HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF	27 Mar 202315:37	–	cvelist
EUVD	EUVD-2023-12543	3 Oct 202520:07	–	euvd
NVD	CVE-2023-0495	27 Mar 202316:15	–	nvd
OSV	CVE-2023-0495	27 Mar 202316:15	–	osv
Patchstack	WordPress HT Slider For Elementor Plugin < 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)	6 Mar 202300:00	–	patchstack
Prion	Cross site request forgery (csrf)	27 Mar 202316:15	–	prion
Positive Technologies	PT-2023-16306 · WordPress · Ht Slider For Elementor	27 Mar 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-0495	23 May 202502:55	–	redhatcve

NVD

Vulners

Node

hasthemes ht_slider_for_elementorRange<1.4.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "HT Slider For Elementor",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.4.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2e3af480-b1a4-404c-b0fc-2b7b6a6b9c27

Parameter	Position	Path	Description	CWE
action	request body	wp-admin/admin-ajax.php	CSRF vulnerability allowing logged-in admins to activate arbitrary plugins via admin-ajax.php using crafted POST body.	CWE-352
location	request body	wp-admin/admin-ajax.php	CSRF vulnerability allowing logged-in admins to activate arbitrary plugins via admin-ajax.php using crafted POST body.	CWE-352

19 Feb 2025 21:15Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.00106

SSVC