4.3
CVE-2023-1088
- EPSS 0.1%
- Veröffentlicht 27.03.2023 16:15:09
- Zuletzt bearbeitet 19.02.2025 21:15:12
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWP Plugin Manager <= 1.1.7 - Cross-Site Request Forgery to Arbitrary Plugin Activation
The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Mögliche Gegenmaßnahme
WP Plugin Manager – Deactivate plugins per page: Update to version 1.1.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Plugin Manager – Deactivate plugins per page
Version
*-1.1.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hasthemes ≫ Wp Plugin Manager SwPlatformwordpress Version < 1.1.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.273 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|