Lucene search
HistoryMay 08, 2023 - 2:15 p.m.
CVE-2023-0522
cve-2023-0522
wordpress
csrf
plugin vulnerability
admin attack
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
25.2%
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected configurations
Node
enable\/disable_auto_login_when_register_projectenable\/disable_auto_login_when_registerRange≤1.1.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| enable\/disable_auto_login_when_register_project | enable\/disable_auto_login_when_register | * | cpe:2.3:a:enable\/disable_auto_login_when_register_project:enable\/disable_auto_login_when_register:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2023-0522
2023-05-08 14:15:11
prion
prion
Cross site request forgery (csrf)
2023-05-08 14:15:00
cvelist
cvelist
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
25.2%
Related for NVD:CVE-2023-0522