Lucene search
WPScanCVE-2023-5525HistoryNov 27, 2023 - 5:15 p.m.
CVE-2023-5525
2023-11-2717:15:08
CWE-862
WPScan
web.nvd.nist.gov
37
cve-2023-5525
wordpress plugin
authorization bypass
nonce
ajax
security vulnerability
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0
Percentile
14.0%
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggle_auto_update AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.
Affected configurations
Node
limitloginattemptslimit_login_attempts_reloadedRange<2.25.26wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| limitloginattempts | limit_login_attempts_reloaded | * | cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Limit Login Attempts Reloaded",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.25.26"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
nvd
nvd
CVE-2023-5525
2023-11-27 17:15:08
prion
prion
Authorization
2023-11-27 17:15:00
openvas
openvas
cvelist
cvelist
wpvulndb
wpvulndb
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.5
Confidence
High
EPSS
0
Percentile
14.0%
Related for CVE-2023-5525