8.8

CVE-2023-5882

Exploit

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to Remote Code Execution

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged-in users perform unwanted actions leading to remote code execution.
Possible mitigation
WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel: Update to version 1.4.1, or a newer patched version
WP All Export Pro: Update to version 1.8.6, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Vendor: Soflyy, Product: Export Any Wordpress Data To Xml/csv, SwPlatform: wordpress, Version: < 1.4.1
Vendor: Soflyy, Product: Wp All Export, SwEdition: pro, SwPlatform: wordpress, Version: < 1.8.6
Further vulnerability information
System: WordPress Plugin
Product: WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel
Version: [*, 1.4.1)
System: WordPress Plugin
Product: WP All Export Pro
Version: [*, 1.8.6)
No advisory was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.55% | 0.416
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://wpscan.com/vulnerability/72be4b5c-21be-46af-a3f4-08b4c190a7e2
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/b70e8bce-1793-40f0-bdb1-100cf5f431e9
Third Party Advisory