Lucene search
CVE-2023-0499
The QuickSwish WordPress plugin before 1.1.0 lacks CSRF check, allowing attackers to activate arbitrary plugins via CSRF attack
Show more
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF | 28 Feb 202300:00 | – | wpvulndb |
 | WordPress QuickSwish Plugin < 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) | 28 Mar 202300:00 | – | patchstack |
 | Cross site request forgery (csrf) | 27 Mar 202316:15 | – | prion |
 | QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF | 28 Feb 202300:00 | – | wpexploit |
 | CVE-2023-0499 QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF | 27 Mar 202315:37 | – | vulnrichment |
 | CVE-2023-0499 | 27 Mar 202316:15 | – | nvd |
 | CVE-2023-0499 QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF | 27 Mar 202315:37 | – | cvelist |
 | Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023) | 9 Mar 202314:32 | – | wordfence |
Node
[
{
"vendor": "Unknown",
"product": "QuickSwish",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.1.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | request body | /wp-admin/admin-ajax.php | The QuickSwish WordPress plugin allows CSRF attacks that could enable unauthorized plugin activation. | CWE-352, CWE-200 |
| location | request body | /wp-admin/admin-ajax.php | The QuickSwish WordPress plugin allows CSRF attacks that could enable unauthorized plugin activation. | CWE-352, CWE-200 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo27 Mar 2023 16:15Current
4.5Medium risk
Vulners AI Score4.5
CVSS34.3
EPSS0.00086
SSVC