Lucene search
PatchstackCVE-2023-23790HistoryMay 03, 2023 - 10:15 a.m.
CVE-2023-23790
2023-05-0310:15:16
CWE-352
Patchstack
web.nvd.nist.gov
16
cve-2023-23790
cross-site request forgery
csrf vulnerability
pods framework
team pods plugin
security vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
27.5%
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.
Affected configurations
Node
podsfoundationpodsRange<2.9.11wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| podsfoundation | pods | * | cpe:2.3:a:podsfoundation:pods:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "pods",
"product": "Pods – Custom Content Types and Fields",
"vendor": "Pods Framework Team",
"versions": [
{
"changes": [
{
"at": "2.9.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.9.10.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-23790
2023-05-03 10:15:16
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2023-05-03 10:15:00
wpvulndb
wpvulndb
Pods < 2.9.11 - Pods Deletion via CSRF
2023-01-20 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
27.5%
Related for CVE-2023-23790