Lucene search

K
patchstackSkalucyPATCHSTACK:08B3C949218BEE1DC4A712E964393672
HistoryMay 12, 2023 - 12:00 a.m.

WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

2023-05-1200:00:00
Skalucy
patchstack.com
1
wordpress
peepso
plugin
cross site request forgery
csrf
vulnerability
version 6.0.9.0
fixed version 6.1.0.0
owasp top 10
broken access control
cve-2023-32092
low severity
unauthenticated
published date

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

Software

Community by PeepSo

Type

Plugin

Vulnerable versions

<= 6.0.9.0

Fixed in

6.1.0.0

OWASP Top 10

A5: Broken Access Control

Classification

Cross Site Request Forgery (CSRF)

CVE

CVE-2023-32092

Patch priority

Low

CVSS severity

Low (4.3)

Developer

Claim ownership

PSID

b99f695dac2f

Credits

Skalucy Skalucy

Required privilege

Unauthenticated

Published

12 May, 2023

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
-community_by_peepsoRange6.0.9.0
VendorProductVersionCPE
-community_by_peepso*cpe:2.3:a:-:community_by_peepso:*:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

Related for PATCHSTACK:08B3C949218BEE1DC4A712E964393672