PT-2023-16314 · WordPress · P-News

Lana Codes

Publicado

2023-03-27

Atualizado

2023-03-30

CVE-2023-0502

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WP News WordPress plugin versions 1.1.9 and earlier

Description The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.

Recommendations For WP News WordPress plugin versions 1.1.9 and earlier, update to a version that includes a CSRF check for plugin activation to prevent this issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-0502

Produtos afetados

P-News

PT-2023-16314 · WordPress · P-News

CVE-2023-0502

Identificadores relacionados

Produtos afetados

Referências · 4