Lucene search

K
patchstackLana CodesPATCHSTACK:A11BBBBADE65D672938527EA9E30BBDC
HistoryMar 28, 2023 - 12:00 a.m.

WordPress WP Film Studio Plugin < 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

2023-03-2800:00:00
Lana Codes
patchstack.com
1
wordpress
film studio
plugin
cross site request forgery
vulnerability
version 1.3.5
owasp top 10
broken access control
cve-2023-0500
low severity
unauthenticated
patch
security issue

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

Software

WP Film Studio

Type

Plugin

Vulnerable versions

< 1.3.5

Fixed in

1.3.5

OWASP Top 10

A5: Broken Access Control

Classification

Cross Site Request Forgery (CSRF)

CVE

CVE-2023-0500

Patch priority

Low

CVSS severity

Low (4.3)

Developer

Claim ownership

PSID

3455d020bbba

Credits

Lana Codes

Required privilege

Unauthenticated

Published

28 March, 2023

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
hasthemeswp_film_studioRange<1.3.5wordpress
VendorProductVersionCPE
hasthemeswp_film_studio*cpe:2.3:a:hasthemes:wp_film_studio:*:*:*:*:*:wordpress:*:*

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

Related for PATCHSTACK:A11BBBBADE65D672938527EA9E30BBDC