4.3
CVE-2023-3977
- EPSS 0.45%
- Veröffentlicht 28.07.2023 05:15:11
- Zuletzt bearbeitet 03.04.2025 12:44:20
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginInisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Mögliche Gegenmaßnahme
Backup Migration: Update to version 1.2.8, or a newer patched version
Duplicate Post: Update to version 1.4.0, or a newer patched version
Enhanced Text Widget: Update to version 1.5.8, or a newer patched version
RSS Redirect & Feedburner Alternative: Update to version 3.8, or a newer patched version
SSL Mixed Content Fix: Update to version 3.2.4, or a newer patched version
Pop-up: Update to version 1.2.0, or a newer patched version
Redirection: Update to version 1.1.4, or a newer patched version
Ultimate Posts Widget: Update to version 2.2.5, or a newer patched version
Social Media Share Buttons & Social Sharing Icons: Update to version 2.8.2, or a newer patched version
Social Share Icons & Social Share Buttons: Update to version 3.5.8, or a newer patched version
Clone: Update to version 2.3.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Backup Migration
Version
*-1.2.7
SystemWordPress Plugin
≫
Produkt
Duplicate Post
Version
*-1.3.9
SystemWordPress Plugin
≫
Produkt
Enhanced Text Widget
Version
*-1.5.7
SystemWordPress Plugin
≫
Produkt
RSS Redirect & Feedburner Alternative
Version
*-3.7
SystemWordPress Plugin
≫
Produkt
SSL Mixed Content Fix
Version
*-3.2.3
SystemWordPress Plugin
≫
Produkt
Pop-up
Version
*-1.1.9
SystemWordPress Plugin
≫
Produkt
Redirection
Version
*-1.1.3
SystemWordPress Plugin
≫
Produkt
Ultimate Posts Widget
Version
*-2.2.4
SystemWordPress Plugin
≫
Produkt
Social Media Share Buttons & Social Sharing Icons
Version
*-2.8.1
SystemWordPress Plugin
≫
Produkt
Social Share Icons & Social Share Buttons
Version
*-3.5.7
SystemWordPress Plugin
≫
Produkt
Clone
Version
*-2.3.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Backupbliss ≫ Backup Migration SwPlatformwordpress Version < 1.2.8
Backupbliss ≫ Clone SwPlatformwordpress Version < 2.3.8
Copy-delete-posts ≫ Duplicate Post SwPlatformwordpress Version < 1.4.0
Inisev ≫ Enhanced Text Widget SwPlatformwordpress Version < 1.5.8
Inisev ≫ Redirection SwPlatformwordpress Version < 1.1.4
Inisev ≫ Ssl Mixed Content Fix SwPlatformwordpress Version < 3.2.4
Inisev ≫ Ultimate Posts Widget SwPlatformwordpress Version < 2.2.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.628 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|