4.3
CVE-2023-0993
- EPSS 0.09%
- Veröffentlicht 09.06.2023 06:15:55
- Zuletzt bearbeitet 21.11.2024 07:38:14
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginShield Security <= 17.0.17 - Missing Authorization
The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.
Mögliche Gegenmaßnahme
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches: Update to version 17.0.18, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
Version
[*, 17.0.18)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getshieldsecurity ≫ Shield Security SwPlatformwordpress Version <= 17.0.17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|