CVE-2023-5886
CVSS base score: 8.8
Tag: Exploit

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF

Export any WordPress data to XML/CSV < 1.4.1 & WP All Export Pro < 1.8.6 - Cross-Site Request Forgery to PHAR Deserialization

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.1 and the WP All Export Pro WordPress plugin before 1.8.6 do not check nonce tokens early enough in the request lifecycle: a request handler acts on attacker-controlled input before the CSRF nonce is verified. An attacker who can upload files (Author role or above) can therefore plant a PHAR archive under an innocuous filename and trick a logged-in user into issuing a forged request that reaches the plugin's file handling with a phar:// path. Opening a PHAR through the phar:// stream wrapper unserializes the archive's metadata, so a gadget chain stored in that metadata is deserialized in the victim's request (PHAR deserialization), which may lead to remote code execution.
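The two halves of that description, a handler that touches an attacker-supplied path before the nonce check and PHP's phar:// wrapper turning that touch into unserialize(), are shown side by side below. This is an added illustration, not code from WP All Export and not the wpscan or Wordfence proof of concept; the Gadget class, build_malicious_phar(), the make_nonce()/verify_nonce() pair (a stand-in for WordPress's wp_create_nonce()/wp_verify_nonce()), the handler names and the uploads-directory check are all constructed for the demo. Run it with `php -d phar.readonly=0 phar_csrf_demo.php`.

```php
<?php
// Added demo (not WP All Export's code): CSRF-to-PHAR-deserialization ordering bug.
// Run with: php -d phar.readonly=0 phar_csrf_demo.php

// Stand-in for a gadget class. __wakeup runs only when PHP unserializes an
// instance, i.e. when PHAR metadata is parsed, so it is a clean "fired" signal.
class Gadget
{
    public $marker = 'constructed-demo-gadget';

    public function __wakeup(): void
    {
        $GLOBALS['gadget_fired'][] = $this->marker;
    }
}

// Builds a PHAR whose metadata is a serialized Gadget and renames it to .jpg:
// the phar:// wrapper keys on the __HALT_COMPILER stub, not the extension, so
// an upload filter that only checks extensions does not stop it.
function build_malicious_phar(): string
{
    $pharPath = sys_get_temp_dir() . '/demo_' . getmypid() . '.phar';
    $phar = new Phar($pharPath);
    $phar->startBuffering();
    $phar->addFromString('x.txt', 'x');
    $phar->setStub('<?php __HALT_COMPILER(); ?>');
    $phar->setMetadata(new Gadget());
    $phar->stopBuffering();
    unset($phar);

    $jpgPath = substr($pharPath, 0, -5) . '.jpg';
    rename($pharPath, $jpgPath);
    return $jpgPath;
}

// Constructed stand-in for wp_create_nonce()/wp_verify_nonce().
const DEMO_NONCE_SECRET = 'constructed-demo-secret';

function make_nonce(string $action): string
{
    return substr(hash_hmac('sha256', $action, DEMO_NONCE_SECRET), 0, 10);
}

function verify_nonce(?string $nonce, string $action): bool
{
    return is_string($nonce) && hash_equals(make_nonce($action), $nonce);
}

// Vulnerable ordering: the attacker-controlled path hits the filesystem before
// the nonce is checked. Any stat-family call (file_exists, is_file, filesize,
// fopen, ...) on a phar:// path makes PHP parse the archive; on PHP < 8.0 that
// parse unserializes the metadata, so a forged request has already fired the
// gadget by the time the nonce check rejects it.
function vulnerable_handler(array $request): string
{
    if (!file_exists((string) ($request['file'] ?? ''))) {
        return 'no such file';
    }
    if (!verify_nonce($request['_wpnonce'] ?? null, 'export')) {
        return 'bad nonce';          // correct verdict, reached too late
    }
    return 'exported';
}

// Hardened ordering: reject the forged request before touching any input,
// then refuse stream wrappers and confine the path to the uploads directory.
function hardened_handler(array $request, string $uploadsDir): string
{
    if (!verify_nonce($request['_wpnonce'] ?? null, 'export')) {
        return 'bad nonce';
    }
    $file = (string) ($request['file'] ?? '');
    if (strpos($file, '://') !== false) {
        return 'rejected: stream wrapper';
    }
    $base = realpath($uploadsDir);
    $real = realpath($uploadsDir . '/' . basename($file));
    if ($base === false || $real === false || strpos($real, $base . '/') !== 0) {
        return 'rejected: outside uploads directory';
    }
    return 'exported';
}

$GLOBALS['gadget_fired'] = [];
$jpg = build_malicious_phar();
// A CSRF'd request carries no valid nonce; only the path is attacker-chosen.
$forged = ['file' => 'phar://' . $jpg . '/x.txt'];

echo 'vulnerable: ', vulnerable_handler($forged),
     ' | gadget fired: ', count($GLOBALS['gadget_fired']), " (1 on PHP 7.x, 0 on 8.0+)\n";
$GLOBALS['gadget_fired'] = [];
echo 'hardened:   ', hardened_handler($forged, sys_get_temp_dir()),
     ' | gadget fired: ', count($GLOBALS['gadget_fired']), "\n";
unlink($jpg);
```

The vulnerable handler still ends in "bad nonce", which is why the bug is easy to miss in review: the request is rejected, but only after file_exists() has already parsed the attacker's archive. One caveat when reproducing: PHP 8.0 stopped unserializing PHAR metadata automatically on stream-wrapper access (it is now only done by Phar::getMetadata()), so the gadget counter reads 1 on PHP 7.x and 0 on 8.0+. The ordering defect is version-independent; verifying the nonce first, refusing `://` in user-supplied paths and confining them to the uploads directory closes it on every version.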
Possible countermeasure
WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel: Update to version 1.4.1, or a newer patched version
WP All Export Pro: Update to version 1.8.6, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Soflyy: Export Any WordPress Data To XML/CSV (software platform: wordpress), version < 1.4.1
Soflyy: WP All Export (software edition: pro, software platform: wordpress), version < 1.8.6
Further vulnerability information
System: WordPress Plugin
Product: WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel
Version: [*, 1.4.1)
System: WordPress Plugin
Product: WP All Export Pro
Version: [*, 1.8.6)
No advisory was found for this CVE.
EPSS metrics
Type   Source     Score   Percentile
EPSS   FIRST.org  0.55%   0.416 (41.6th percentile)
CVSS metrics
Source        Base Score  Exploitability Score  Impact Score  Vector String
nvd@nist.gov  8.8         2.8                   5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://wpscan.com/vulnerability/0a08e49d-d34e-4140-a15d-ad64444665a3
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc18341-135b-4522-a9db-510e4c4d9704
Third Party Advisory