Lucene search
WPScanCVE-2023-0502HistoryMar 27, 2023 - 4:15 p.m.
CVE-2023-0502
2023-03-2716:15:08
WPScan
web.nvd.nist.gov
35
cve-2023-0502
wp news
wordpress plugin
csrf
security vulnerability
arbitrary plugin activation
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
33.2%
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Affected configurations
Node
hasthemeswp_newsRange≤1.1.9wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP News",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.1.9"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF
2023-02-28 00:00:00
cvelist
cvelist
CVE-2023-0502 WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF
2023-03-27 15:37:29
prion
prion
Cross site request forgery (csrf)
2023-03-27 16:15:00
wpexploit
wpexploit
WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF
2023-02-28 00:00:00
nvd
nvd
CVE-2023-0502
2023-03-27 16:15:08
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
33.2%
Related for CVE-2023-0502