Lucene search

PRIOn knowledge basePRION:CVE-2023-5532

HistoryNov 07, 2023 - 11:15 a.m.

Cross site request forgery (csrf)

2023-11-0711:15:00

PRIOn knowledge base

www.prio-n.com

cross-site request forgery

wordpress

imagemapper

vulnerable

nonce validation

unauthenticated attackers

post title

malicious javascript

site administrator

forged request

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the ‘imgmap_save_area_title’ function. This makes it possible for unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CPENameOperatorVersion
imagemapperle1.2.6

CPE	Name	Operator	Version
	imagemapper	le	1.2.6

References

plugins.trac.wordpress.org/browser/imagemapper/tags/1.2.6/imagemapper.php

www.wordfence.com/threat-intel/vulnerabilities/id/bbb67f02-87e8-4ca3-8a9d-6663a700ab5b?source=cve