CVE-2023-2736

EPSS 0.14%
Veröffentlicht 20.05.2023 03:15:09
Zuletzt bearbeitet 21.11.2024 07:59:11
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Mögliche Gegenmaßnahme

Groundhogg — CRM, Newsletters, and Marketing Automation: Update to version 2.7.10, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Groundhogg — CRM, Newsletters, and Marketing Automation

Version *-2.7.9.8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Groundhogg ≫ Groundhogg SwPlatformwordpress Version <= 2.7.9.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.342

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
security@wordfence.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://plugins.trac.wordpress.org/changeset/2914493/groundhogg/tags/2.7.10/admin/contacts/contacts-page.php

Third Party Advisory

https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/admin/contacts/contacts-page.php#L542

Third Party Advisory

https://plugins.trac.wordpress.org/browser/groundhogg/tags/2.7.9.8/includes/shortcodes.php#L99

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2736

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2736

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2736

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-2736