PT-2023-29834 · Ivanti · Ivanti Connect Secure+1

Qilin_99 · Published 2023-10-22 · Updated 2024-09-02 · CVE-2023-46085

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Wpmet Wp Ultimate Review plugin versions 2.2.4 and earlier
ICS versions 9.x and 22.x
IPS (affected versions not specified)
Ivanti Connect Secure and Policy Secure gateways (affected versions not specified)

Description

The issue concerns an authentication bypass vulnerability and a Cross-Site Request Forgery (CSRF) vulnerability. The authentication bypass vulnerability allows a remote attacker to access restricted resources by bypassing control checks. The CSRF vulnerability is present in the Wpmet Wp Ultimate Review plugin. Ivanti has published an advisory detailing two vulnerabilities affecting Connect Secure and Policy Secure gateways, and it is aware that both vulnerabilities are being actively exploited.

Recommendations

For Wpmet Wp Ultimate Review plugin versions 2.2.4 and earlier, update to a version later than 2.2.4 to resolve the CSRF vulnerability.
For ICS versions 9.x and 22.x, apply the necessary patches or updates to address the authentication bypass vulnerability.
For IPS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Ivanti Connect Secure and Policy Secure gateways, apply the patches or updates provided by Ivanti to address the vulnerabilities.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-46085

Affected Products

Ivanti Connect Secure
Ivanti Policy Secure