CVE-2023-23973

2023-03-0113:15:10

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-23973

cross-site request forgery

csrf

vulnerability

a3rev software

contact people plugin

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

17.2%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0.

Affected configurations

Vulners

NVD

Node

a3rev_softwarecontact_us_page_–_contact_peopleRange≤3.7.0

CPENameOperatorVersion
a3rev:contact_us_page_-_contact_peoplea3rev contact us page - contact peoplelt3.7.1

CPE	Name	Operator	Version
a3rev:contact_us_page_-_contact_people	a3rev contact us page - contact people	lt	3.7.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "contact-us-page-contact-people",
    "product": "Contact Us Page – Contact People",
    "vendor": "a3rev Software",
    "versions": [
      {
        "changes": [
          {
            "at": "3.7.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.7.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/contact-us-page-contact-people/wordpress-contact-us-page-contact-people-plugin-3-7-0-cross-site-request-forgery-csrf-leading-to-contact-creation-vulnerability?_s_id=cve