Lucene search
+L

8 matches found

patchstack
patchstack
added 2023/03/28 12:0 a.m.9 views

WordPress WP Film Studio Plugin < 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Film Studio Type Plugin Vulnerable versions 1.3.5 Fixed in 1.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0500 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3455d020bbba Credits Lana Codes Required...

6.5CVSS6.6AI score0.00307EPSS
Exploits2References4Affected Software1
nvd
nvd
added 2023/03/27 4:15 p.m.20 views

CVE-2023-0500

The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

6.5CVSS6.4AI score0.00307EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/03/27 3:37 p.m.6 views

CVE-2023-0500 WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF

The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

6.7AI score0.00307EPSS
Exploits2References1
cve
cve
added 2023/03/27 3:37 p.m.57 views

CVE-2023-0500

The CVE CVE-2023-0500 concerns the WordPress plugin WP Film Studio, affected versions up to and including 1.3.4. The underlying issue is the absence of a CSRF check when activating plugins, enabling a CSRF attack to force logged-in admins to activate arbitrary plugins on the blog. Impact is tied ...

6.5CVSS6.3AI score0.00307EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2023/03/27 3:37 p.m.28 views

CVE-2023-0500 WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF

The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

6.6AI score0.00307EPSS
Exploits2References1
cnnvd
cnnvd
added 2023/03/27 12:0 a.m.9 views

WordPress plugin WP Film Studio 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS6.9AI score0.00307EPSS
Exploits2References3
ptsecurity
ptsecurity
added 2023/03/27 12:0 a.m.6 views

PT-2023-16312 · Unknown · Wp Film Studio

Name of the Vulnerable Software and Affected Versions: WP Film Studio version 1.3.4 and earlier Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...

6.5CVSS6.9AI score0.00307EPSS
Exploits2References3
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.122 views

WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00307EPSS
Exploits2
Rows per page
Query Builder