6.5
CVE-2023-5979
- EPSS 0.28%
- Veröffentlicht 04.12.2023 22:15:08
- Zuletzt bearbeitet 21.11.2024 08:42:54
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LogineCommerce Product Catalog Plugin for WordPress < 3.3.26 - Products Deletion via CSRF
eCommerce Product Catalog for WordPress <= 3.3.25 - Cross-Site Request Forgery
The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products
Mögliche Gegenmaßnahme
eCommerce Product Catalog Plugin for WordPress: Update to version 3.3.26, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Implecode ≫ Ecommerce Product Catalog SwPlatformwordpress Version < 3.3.26
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
eCommerce Product Catalog Plugin for WordPress
Version
[*, 3.3.26)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.198 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4
https://www.wordfence.com/threat-intel/vulnerabilities/id/ba70f811-543f-4da4-ba45-715dbd6be6be