PT-2023-30650 · WordPress · Wpforo Forum

Jesse Mcneil

Publicado

2023-11-30

Atualizado

2023-12-06

CVE-2023-47870

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions wpForo Forum versions through 2.2.6

Description The issue is related to Cross-Site Request Forgery (CSRF) and Missing Authorization, allowing unauthorized access to functionality not properly constrained by Access Control Lists (ACLs). This can lead to forced log out of all users.

Recommendations For versions through 2.2.6, update to a version that includes a fix for this issue to prevent Cross-Site Request Forgery and unauthorized access. As a temporary workaround, consider restricting access to sensitive functionality to minimize the risk of exploitation.

Correção

Missing Authorization

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-352

Identificadores relacionados

CVE-2023-47870

Produtos afetados

Wpforo Forum

PT-2023-30650 · WordPress · Wpforo Forum

CVE-2023-47870

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7