patchstack, Elliot, PATCHSTACK:EE6955F855CAB9A21C46A727B3765689
History: Jul 20, 2023 - 12:00 a.m.

WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

2023-07-20 00:00:00
Elliot
patchstack.com
wordpress
wpstream
live streaming
plugin
vulnerable
csrf
security misconfiguration
low severity
cve-2023-38512
unauthenticated

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.6
Confidence: Low

Software: WpStream – Live Streaming, Video on Demand, Pay Per View
Type: Plugin
Vulnerable versions: <= 4.5.4
Fixed in: 4.5.5
OWASP Top 10: A6: Security Misconfiguration
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2023-38512
Patch priority: Low
CVSS severity: Low (5.4)

PSID: 4e851cbb9e71
Credits: Elliot Elliot
Required privilege: Unauthenticated
Published: 20 July, 2023

Remove and replace plugin

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node: wpstream wpstream_–_live_streaming\,_video_on_demand\,_pay_per_view, Range 4.5.4

Vendor: wpstream
Product: wpstream_–_live_streaming\,_video_on_demand\,_pay_per_view
Version: *
CPE: cpe:2.3:a:wpstream:wpstream_–_live_streaming\,_video_on_demand\,_pay_per_view:*:*:*:*:*:*:*:*
