Lucene search

PatchstackCVELIST:CVE-2023-45269

HistoryOct 13, 2023 - 3:00 p.m.

CVE-2023-45269 WordPress Simple SEO Plugin <= 2.0.25 is vulnerable to Cross Site Request Forgery (CSRF)

2023-10-1315:00:17

CWE-352

Patchstack

www.cve.org

wordpress simple seo

vulnerability

csrf

david cole

plugin

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cds-simple-seo",
    "product": "Simple SEO",
    "vendor": "David Cole",
    "versions": [
      {
        "changes": [
          {
            "at": "2.0.26",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.0.25",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-2-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-45269