Lucene search

K
patchstackMikaPATCHSTACK:3D98884ADD12457B931DC8395D8666B7
HistoryOct 26, 2023 - 12:00 a.m.

WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

2023-10-2600:00:00
Mika
patchstack.com
1
wordpress
feather login plugin
cross site request forgery
vulnerable
fixed
csrf
low priority
cve-2023-46777

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

Software

Feather Login Page

Type

Plugin

Vulnerable versions

<= 1.1.3

Fixed in

1.1.4

OWASP Top 10

A1: Broken Access Control

Classification

Cross Site Request Forgery (CSRF)

CVE

CVE-2023-46777

Patch priority

Low

CVSS severity

Low (5.4)

Developer

Claim ownership

PSID

62aa1ddd991f

Credits

Mika Mika

Required privilege

Unauthenticated

Published

26 October, 2023

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
pluginopslanding_pageRange1.1.3wordpress
VendorProductVersionCPE
pluginopslanding_page*cpe:2.3:a:pluginops:landing_page:*:*:*:*:*:wordpress:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

Related for PATCHSTACK:3D98884ADD12457B931DC8395D8666B7