4.3
CVE-2023-0496
- EPSS 0.26%
- Veröffentlicht 27.03.2023 16:15:08
- Zuletzt bearbeitet 14.02.2025 16:15:32
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginHT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF
HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation
The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Mögliche Gegenmaßnahme
HT Event – WordPress Event Manager Plugin for Elementor: Update to version 1.4.6, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.173 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
https://wpscan.com/vulnerability/451b47d5-7bd2-4a82-9c8e-fe6601bcd2ab
https://www.wordfence.com/threat-intel/vulnerabilities/id/8b14c07b-23bb-4a14-8018-fa2462383b35