Lucene search

[email protected]CVE-2023-28780

HistoryNov 18, 2023 - 11:15 p.m.

CVE-2023-28780

2023-11-1823:15:08

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-28780

csrf

yoast local premium

nvd

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8.

Affected configurations

Vulners

NVD

Node

yoastyoast_local_seoRange≤14.8

VendorProductVersionCPE
yoastyoast_local_seo*cpe:2.3:a:yoast:yoast_local_seo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yoast	yoast_local_seo	*	cpe:2.3:a:yoast:yoast_local_seo::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Yoast Local Premium",
    "vendor": "Yoast",
    "versions": [
      {
        "changes": [
          {
            "at": "14.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "14.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for CVE-2023-28780

prion1 nvd1 cvelist1 wordfence1