Lucene search
PatchstackCVE-2023-46212HistoryDec 19, 2023 - 12:15 a.m.
CVE-2023-46212
2023-12-1900:15:07
CWE-352
CWE-862
Patchstack
web.nvd.nist.gov
40
cve-2023-46212
missing authorization
csrf
tiencop
wp extra
vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
19.0%
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.
Affected configurations
Node
wpvnteamwp_extraRangeβ€6.2wordpress
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-extra",
"product": "WP EXtra",
"vendor": "TienCOP",
"versions": [
{
"changes": [
{
"at": "6.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
WP EXtra < 6.3 - Missing Authorization to Export Settings
2023-11-23 00:00:00
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2023-12-19 00:15:00
nvd
nvd
CVE-2023-46212
2023-12-19 00:15:07
wordfence
wordfence
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
19.0%
Related for CVE-2023-46212