PT-2023-16314 · WordPress · P-News

Lana Codes

Published

2023-03-27

Updated

2023-03-30

CVE-2023-0502

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WP News WordPress plugin versions 1.1.9 and earlier

Description The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.

Recommendations For WP News WordPress plugin versions 1.1.9 and earlier, update to a version that includes a CSRF check for plugin activation to prevent this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-0502

Affected Products

P-News

PT-2023-16314 · WordPress · P-News

CVE-2023-0502

Related Identifiers

Affected Products

References · 4