wpvulndb | Erwan LR (WPScan) | WPVDB-ID: 8CB8A5E9-2AB6-4D9B-9FFC-EF530E346F8D
History: Nov 06, 2023 - 12:00 a.m.

Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import

2023-11-06 00:00:00
Erwan LR (WPScan)
wpscan.com
10
Tags: seraphinite accelerator, unauthorised settings reset, csrf checks, authentication, security issue

EPSS

0.001

Percentile

30.1%

Description: The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. The issue was partially fixed in 2.20.29 (which only added authorisation checks); CSRF checks were added in 2.20.32.

PoC

As an unauthenticated user, open https://example.com/wp-admin/admin-post.php?seraph_accel_settingsOp=reset
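To make the two missing checks concrete, here is an added illustration (not Seraphinite Accelerator's own code) of an admin-post.php settings handler in its vulnerable form and in a hardened form. The hook name `my_accel_settings`, the `my_accel_settings_op` parameter and the option names are assumptions for this example. The capability check alone corresponds to the partial 2.20.29 fix: it stops unauthenticated requests but still lets a logged-in administrator be tricked into triggering the reset from another site, which is why the nonce check added in 2.20.32 is also needed.

```php
<?php
// Added illustration (not the plugin's code). Hook names, option names and the
// 'my_accel_settings_op' parameter are assumptions for this example.

// --- Vulnerable pattern: the operation runs for anyone who requests the URL. ---
// Registering the nopriv hook exposes the action to logged-out visitors, and the
// handler performs no capability or nonce check before mutating options.
add_action( 'admin_post_nopriv_my_accel_settings', 'my_accel_settings_insecure' );
add_action( 'admin_post_my_accel_settings', 'my_accel_settings_insecure' );

function my_accel_settings_insecure() {
    $op = isset( $_REQUEST['my_accel_settings_op'] ) ? sanitize_key( $_REQUEST['my_accel_settings_op'] ) : '';
    if ( 'reset' === $op ) {
        delete_option( 'my_accel_settings' ); // no authorisation check, no CSRF check
    }
}

// --- Hardened pattern ---
// 1. Register only the privileged hook; admin_post_nopriv_* is for actions that
//    are meant to be public, which a settings reset is not.
add_action( 'admin_post_my_accel_settings', 'my_accel_settings_secure' );

function my_accel_settings_secure() {
    // 2. Authorisation: only users who may manage options can change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'my-accel' ), 403 );
    }

    // 3. CSRF: require a nonce bound to this user and action. check_admin_referer()
    //    terminates the request when the nonce is missing or invalid.
    check_admin_referer( 'my_accel_settings_op' );

    $op = isset( $_REQUEST['my_accel_settings_op'] ) ? sanitize_key( $_REQUEST['my_accel_settings_op'] ) : '';
    switch ( $op ) {
        case 'reset':
            delete_option( 'my_accel_settings' );
            break;
        case 'import':
            // Never store imported data verbatim: decode, then whitelist keys.
            $raw  = isset( $_POST['my_accel_import'] ) ? wp_unslash( $_POST['my_accel_import'] ) : '';
            $data = json_decode( $raw, true );
            if ( ! is_array( $data ) ) {
                wp_die( esc_html__( 'Invalid import payload.', 'my-accel' ), 400 );
            }
            update_option( 'my_accel_settings', my_accel_sanitize_settings( $data ) );
            break;
        default:
            wp_die( esc_html__( 'Unknown operation.', 'my-accel' ), 400 );
    }

    wp_safe_redirect( add_query_arg( 'settings-updated', 'true', admin_url( 'options-general.php?page=my-accel' ) ) );
    exit;
}

// Keep only known keys with coerced types; everything else is dropped.
function my_accel_sanitize_settings( array $data ) {
    return array(
        'enabled'   => ! empty( $data['enabled'] ),
        'cache_ttl' => isset( $data['cache_ttl'] ) ? absint( $data['cache_ttl'] ) : 3600,
    );
}

// The settings page must build its reset link with a matching nonce so that
// legitimate clicks pass check_admin_referer() while cross-site requests fail.
function my_accel_reset_url() {
    return wp_nonce_url(
        admin_url( 'admin-post.php?action=my_accel_settings&my_accel_settings_op=reset' ),
        'my_accel_settings_op'
    );
}
```

For detection, a reset or import that arrives at admin-post.php without a `_wpnonce` parameter, or from a session with no administrator cookie, is the request shape described in this advisory and is worth alerting on at the web server or WAF layer.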

