5.3

CVE-2023-0581

EPSS 0.93%
Veröffentlicht 30.01.2023 15:15:09
Zuletzt bearbeitet 21.11.2024 07:37:26
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

PrivateContent <= 8.4.3 - Protection Mechanism Bypass

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions  that may prevent a brute force attack.

Mögliche Gegenmaßnahme

PrivateContent: Update to version 8.4.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt PrivateContent

Version *-8.4.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lcweb ≫ Privatecontent SwPlatformwordpress Version < 8.4.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.93%	0.757

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://lcweb.it/privatecontent/changelog

Vendor Advisory

Release Notes

https://www.wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0581

EUVD