6.5
CVE-2023-0889
- EPSS 0.3%
- Veröffentlicht 17.04.2023 13:15:37
- Zuletzt bearbeitet 06.02.2025 16:15:32
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginTF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
Themeflection Numbers <= 1.8.1 - Authenticated(Subscriber+) Privilege Escalation via tf_numb_save_licenses
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator
Mögliche Gegenmaßnahme
Themeflection Numbers – Number Counter and Animated Numbers: Update to version 2.0.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Metagauss ≫ Themeflection Numbers SwPlatformwordpress Version < 2.0.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Themeflection Numbers – Number Counter and Animated Numbers
Version
*-1.8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.215 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
https://wpscan.com/vulnerability/c39473a7-47fc-4bce-99ad-28d03f41e74e
https://www.wordfence.com/threat-intel/vulnerabilities/id/db6616b5-4c4e-4cc7-83eb-22fac94f47f2