6.5
CVE-2023-5006
- EPSS 0.33%
- Veröffentlicht 17.01.2024 15:15:10
- Zuletzt bearbeitet 11.06.2025 17:15:37
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF
WP Discord Invite < 2.5.1 - Cross-Site Request Forgery to Settings Update
The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.
Mögliche Gegenmaßnahme
WP Discord Invite: Update to version 2.5.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sarveshmrao ≫ Wp Discord Invite SwPlatformwordpress Version < 2.5.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Discord Invite
Version
[*, 2.5.1)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.242 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8
https://www.wordfence.com/threat-intel/vulnerabilities/id/d92bfa61-7ae2-427a-8f3a-82709471735b