CVE-2023-0441

Exploit

EPSS 0.3%
Veröffentlicht 27.03.2023 16:15:08
Zuletzt bearbeitet 19.02.2025 17:15:11
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Gallery Blocks with Lightbox <= 3.0.7 - Missing Authorization in pgc_sgb_action_wizard

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.

Mögliche Gegenmaßnahme

Mixed Media Gallery Blocks: Update to version 3.0.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Mixed Media Gallery Blocks

Version *-3.0.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Simplygallery ≫ Simply Gallery Blocks With Lightbox SwPlatformwordpress Version < 3.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.529

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/11703e49-c042-4eb6-9a5f-6e006e3725a0

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/7561bce2-bd70-4da3-bbf0-318e59cd1852

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0441

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-0441