CVE-2023-5006

Exploit

EPSS 0.11%
Veröffentlicht 17.01.2024 15:15:10
Zuletzt bearbeitet 11.06.2025 17:15:37
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WP Discord Invite < 2.5.1 - Cross-Site Request Forgery to Settings Update

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.

Mögliche Gegenmaßnahme

WP Discord Invite: Update to version 2.5.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP Discord Invite

Version [*, 2.5.1)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sarveshmrao ≫ Wp Discord Invite SwPlatformwordpress Version < 2.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.306

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://wpscan.com/vulnerability/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/d92bfa61-7ae2-427a-8f3a-82709471735b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5006

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5006

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5006

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-5006