PT-2023-32158 · WordPress · Imagemapper
István Márton
+1
·
Publicado
2023-11-07
·
Atualizado
2023-11-14
·
CVE-2023-5532
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ImageMapper plugin for WordPress versions up to, and including, 1.2.6
Description
The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the
imgmap save area title function. This allows unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request if they can trick a site administrator into performing a specific action.Recommendations
For ImageMapper plugin for WordPress versions up to, and including, 1.2.6, update to a version that includes the fix for the nonce validation issue in the
imgmap save area title function. As a temporary workaround, consider restricting access to the imgmap save area title function to minimize the risk of exploitation.Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Imagemapper