CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)

The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...

CVE-2023-1509

CVE-2023-1509 describes a CSRF flaw in the GMAce WordPress plugin (

PT-2023-17044 · WordPress · Gmace

Name of the Vulnerable Software and Affected Versions: GMAce plugin for WordPress versions up to, and including, 1.5.2 Description: The issue is due to missing nonce validation on the gmace manager server function called via the wp ajax gmace manager AJAX action. This allows unauthenticated...

WordPress Plugin GMAce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress Plugin GMAce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2023-19261 · German Mesky · Gmace Plugin

Name of the Vulnerable Software and Affected Versions: German Mesky GMAce plugin versions = 1.5.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticat...

GMAce <= 1.5.2 - Arbitrary File Creation/Deletion/Update via CSRF

The plugin does not have CSRF checks in the gmacemanagerserver function, which could allow attackers to make logged in admins create, delete and update arbitrary files via a CSRF attack...

GMace <= 1.5.2 - Admin+ Path Traversal

The plugin does not validate user input used in a path, which could allow high privilege users, such as admin to perform path traversal attacks...

WordPress GMAce Plugin <= 1.5.2 is vulnerable to Arbitrary File Download

Software GMAce Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2023-23872 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 4ffc557c3ed7 Credits Mika Required privilege Administrat...

WordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software GMAce Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23861 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5e49c5295a88 Credits Mika Required privilege...