patchstack | Thiennv | PATCHSTACK:1DBF28E568C2854B94254550469A51C2
History: Jul 24, 2023 - 12:00 a.m.

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Tags: google map shortcode, plugin, vulnerable <= 3.1.2, cross site request forgery, owasp top 10, a5: broken access control, cve-2023-38396, low severity, unauthenticated

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.6
Confidence: Low

Software: Google Map Shortcode
Type: Plugin
Vulnerable versions: <= 3.1.2
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2023-38396
Patch priority: Low
CVSS severity: Low (5.4)

PSID: ad78bcfdec4a
Credits: thiennv
Required privilege: Unauthenticated
Published: 24 July, 2023

Remove and replace plugin

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node: google_map_shortcode_project | google_map_shortcode | Range 3.1.2 | wordpress

Vendor | Product | Version | CPE
google_map_shortcode_project | google_map_shortcode | * | cpe:2.3:a:google_map_shortcode_project:google_map_shortcode:*:*:*:*:*:wordpress:*:*
