CVE-2023-2495

2023-07-1016:15:51

WPScan

web.nvd.nist.gov

cve-2023-2495

greeklish-permalink

wordpress

plugin

authorization

nonce checks

ajax

csrf

security

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin’s functionality to change Post slugs either directly or through CSRF.

Affected configurations

Nvd

Vulners

Node

greeklish-permalink_projectgreeklish-permalinkRange≤3.3wordpress

VendorProductVersionCPE
greeklish-permalink_projectgreeklish-permalink*cpe:2.3:a:greeklish-permalink_project:greeklish-permalink:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
greeklish-permalink_project	greeklish-permalink	*	cpe:2.3:a:greeklish-permalink_project:greeklish-permalink::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Greeklish-permalink",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.5"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]