Lucene search

PatchstackCVELIST:CVE-2023-51482

HistoryApr 25, 2024 - 8:16 a.m.

CVE-2023-51482 WordPress Eazy Plugin Manager plugin <= 4.1.2 - Auth. Arbitrary Options Update lead to RCE vulnerability

2024-04-2508:16:31

CWE-287

Patchstack

www.cve.org

wordpress

eazy plugin manager

rce

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Eazy Plugin Manager: from n/a through 4.1.2.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "plugins-on-steroids",
    "product": "Eazy Plugin Manager",
    "vendor": "EazyPlugins",
    "versions": [
      {
        "changes": [
          {
            "at": "4.1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/plugins-on-steroids/wordpress-eazy-plugin-manager-plugin-4-1-2-subscriber-arbitrary-options-update-lead-to-rce-vulnerability?_s_id=cve

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-51482