CVE-2023-5611

Exploit

EPSS 0.1%
Veröffentlicht 27.11.2023 17:15:09
Zuletzt bearbeitet 16.01.2025 15:44:50
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Seraphinite Accelerator (Base, cache only) <= 2.20.31 - Cross-Site Request Forgery

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

Mögliche Gegenmaßnahme

Seraphinite Accelerator: Update to version 2.20.32, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Seraphinite Accelerator

Version *-2.20.31

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

S-sols ≫ Seraphinite Accelerator SwPlatformwordpress Version < 2.20.32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.274

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/8cb8a5e9-2ab6-4d9b-9ffc-ef530e346f8d

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b32fdc-b73f-48e5-88bf-e836ec2f791f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5611

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5611

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5611

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-5611