Lucene search

[email protected]NVD:CVE-2023-7253

HistoryApr 24, 2024 - 5:15 a.m.

CVE-2023-7253

2024-04-2405:15:46

[email protected]

web.nvd.nist.gov

import wp

ssrf attacks

administrator role

wordpress plugin

multisite configurations

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.

References

wpscan.com/vulnerability/aeefcc01-bbbf-4d86-9cfd-ea0f9a85e1a5/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-7253

wpvulndb1 cve1 wpexploit1 vulnrichment1 cvelist1 wordfence1