Lucene search

K
patchstackElliotPATCHSTACK:5625F84A8B36838F99A47D90DB2437E0
HistoryNov 28, 2023 - 12:00 a.m.

WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

2023-11-2800:00:00
Elliot
patchstack.com
1
wordpress button generator
cross site request forgery
vulnerable versions
fixed in
low severity
patch priority
cve
unauthenticated
published

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

Software

Button Generator – easily Button Builder

Type

Plugin

Vulnerable versions

<= 2.3.8

Fixed in

2.3.9

OWASP Top 10

A5: Security Misconfiguration

Classification

Cross Site Request Forgery (CSRF)

CVE

CVE-2023-49155

Patch priority

Low

CVSS severity

Low (4.3)

Developer

Claim ownership

PSID

f69c6cdb268a

Credits

Elliot Elliot

Required privilege

Unauthenticated

Published

28 November, 2023

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
wow-companybutton_generatorRange2.3.8wordpress
VendorProductVersionCPE
wow-companybutton_generator*cpe:2.3:a:wow-company:button_generator:*:*:*:*:*:wordpress:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

Related for PATCHSTACK:5625F84A8B36838F99A47D90DB2437E0