Lucene search

[email protected]NVD:CVE-2023-0502

HistoryMar 27, 2023 - 4:15 p.m.

CVE-2023-0502

2023-03-2716:15:08

[email protected]

web.nvd.nist.gov

wp news

wordpress

csrf

attack

admins

plugins

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

33.2%

JSON

The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

Affected configurations

Nvd

Node

hasthemeswp_newsRange≤1.1.9wordpress

VendorProductVersionCPE
hasthemeswp_news*cpe:2.3:a:hasthemes:wp_news:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
hasthemes	wp_news	*	cpe:2.3:a:hasthemes:wp_news::::::wordpress::*

References

wpscan.com/vulnerability/c959f4ce-b6ea-4aee-9a98-aa98d2a62138

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

33.2%

JSON

Related for NVD:CVE-2023-0502

wpvulndb1 prion1 cve1 cvelist1 wpexploit1 wordfence1