CVE-2023-41851

2023-10-1009:15:09

CWE-352

[email protected]

web.nvd.nist.gov

cve

2023

41851

csrf

vulnerability

dotsquares

custom post template

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.

Affected configurations

Vulners

NVD

Node

dotsquareswp_custom_post_templateRange≤1.0

VendorProductVersionCPE
dotsquareswp_custom_post_template*cpe:2.3:a:dotsquares:wp_custom_post_template:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dotsquares	wp_custom_post_template	*	cpe:2.3:a:dotsquares:wp_custom_post_template::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-custom-post-template",
    "product": "WP Custom Post Template",
    "vendor": "Dotsquares",
    "versions": [
      {
        "lessThanOrEqual": "1.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-custom-post-template/wordpress-wp-custom-post-template-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve