Lucene search
PatchstackCVELIST:CVE-2023-32960HistoryJun 22, 2023 - 12:51 p.m.
CVE-2023-32960 WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
2023-06-2212:51:41
CWE-352
Patchstack
www.cve.org
5
cve-2023-32960
cross site request forgery
wordpress
updraftplus plugin
sitewide
cross site scripting
xss
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
16.8%
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <=Β 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "updraftplus",
"product": "UpdraftPlus WordPress Backup Plugin",
"vendor": "UpdraftPlus.Com, DavidAnderson",
"versions": [
{
"changes": [
{
"at": "1.23.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.23.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
UpdraftPlus < 1.23.4 - CSRF
2023-05-18 00:00:00
cve
cve
CVE-2023-32960
2023-06-22 13:15:10
prion
prion
Cross site request forgery (csrf)
2023-06-22 13:15:00
openvas
openvas
WordPress UpdraftPlus Plugin < 1.23.4 CSRF Vulnerability
2023-07-10 00:00:00
nvd
nvd
CVE-2023-32960
2023-06-22 13:15:10
thn
thn
wordfence
wordfence
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
16.8%
Related for CVELIST:CVE-2023-32960