9.6
CVE-2023-5820
- EPSS 0.1%
- Veröffentlicht 27.10.2023 12:15:08
- Zuletzt bearbeitet 21.11.2024 08:42:33
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginThumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Mögliche Gegenmaßnahme
Thumbnail Slider With Lightbox: Update to version 1.0.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Thumbnail Slider With Lightbox
Version
1.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
I13websolution ≫ Thumbnail Slider With Lightbox Version1.0 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.287 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.