Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2023-0500

🗓️ 27 Mar 2023 16:08:15Reported by WPScanType 
cve
 cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

The WP Film Studio WordPress plugin before 1.3.5 lacks CSRF check when activating plugins, enabling attackers to execute CSRF attacks

Show more
Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
WPVulnDB		WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF
28 Feb 202300:00
wpvulndb
Patchstack		WordPress WP Film Studio Plugin < 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
28 Mar 202300:00
patchstack
Vulnrichment		CVE-2023-0500 WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF
27 Mar 202315:37
vulnrichment
NVD		CVE-2023-0500
27 Mar 202316:15
nvd
wpexploit		WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF
28 Feb 202300:00
wpexploit
Prion		Cross site request forgery (csrf)
27 Mar 202316:15
prion
Cvelist		CVE-2023-0500 WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF
27 Mar 202315:37
cvelist
Wordfence Blog		Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)
9 Mar 202314:32
wordfence
Nvd
Vulners
Node
hasthemeswp_film_studioRange<1.3.5wordpress
[
  {
    "vendor": "Unknown",
    "product": "WP Film Studio",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
ParameterPositionPathDescriptionCWE
actionrequest body/wp-admin/admin-ajax.phpThe absence of CSRF checks allows attackers to activate arbitrary plugins via a CSRF attack when making a POST request to this endpoint.CWE-352
locationrequest body/wp-admin/admin-ajax.phpThe absence of CSRF checks allows attackers to activate arbitrary plugins via a CSRF attack when making a POST request to this endpoint.CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Mar 2023 16:15Current
6.3Medium risk
Vulners AI Score6.3
CVSS36.5
EPSS0.00063
SSVC
wp film studiowordpressplugincsrfcsrf attacksecurityvulnerabilitynvd
44
.json
Report