Lucene search

[email protected]NVD:CVE-2023-0551

HistoryAug 16, 2023 - 12:15 p.m.

CVE-2023-0551

2023-08-1612:15:12

[email protected]

web.nvd.nist.gov

wordpress plugin

authorization

csrf

rest api

ajax

attachments

security vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

27.4%

JSON

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

Affected configurations

Nvd

Node

minapperrest_api_to_miniprogramRange≤4.6.1wordpress

VendorProductVersionCPE
minapperrest_api_to_miniprogram*cpe:2.3:a:minapper:rest_api_to_miniprogram:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
minapper	rest_api_to_miniprogram	*	cpe:2.3:a:minapper:rest_api_to_miniprogram::::::wordpress::*

References

wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

27.4%

JSON

Related for NVD:CVE-2023-0551

cve1 prion1 cvelist1 wpvulndb1 wpexploit1 wordfence1