Lucene search
K

6 matches found

Patchstack
Patchstack
added 2023/10/27 12:0 a.m.11 views

WordPress Assistant – Every Day Productivity Apps Plugin < 1.4.4 is vulnerable to Server Side Request Forgery (SSRF)

Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A3: Injection Classification Server Side Request Forgery SSRF CVE CVE-2023-5798 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 79c75777c183 Credits Ji Yuchen...

8.8CVSS6.9AI score0.00694EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2023/10/26 10:15 a.m.18 views

CVE-2023-5798

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

8.8CVSS8.7AI score0.00694EPSS
Exploits2References1
OSV
OSV
added 2023/10/26 10:15 a.m.3 views

CVE-2023-5798

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

8.8CVSS5.8AI score0.00694EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/10/26 9:8 a.m.31 views

CVE-2023-5798 Assistant < 1.4.4 - Editor+ SSRF

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

8.8AI score0.00694EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/10/26 9:8 a.m.5 views

CVE-2023-5798 Assistant < 1.4.4 - Editor+ SSRF

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

7AI score0.00694EPSS
Exploits2References1
CVE
CVE
added 2023/10/26 9:8 a.m.71 views

CVE-2023-5798

CVE-2023-5798 affects the Assistant WordPress plugin prior to 1.4.4. The issue is that a parameter is not validated before making a request via wp_remote_get(), enabling SSRF from users with roles as low as Editor. Impact is SSRF with potential access to internal/external resources; document note...

8.8CVSS8.7AI score0.00694EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder