PT-2023-31199 · WordPress · Salesmanago

Francesco Carlucci

Published

2023-10-21

Updated

2023-10-31

CVE-2023-4939

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions SALESmanago plugin for WordPress versions up to, and including, 3.2.4

Description The issue is due to the use of a weak authentication token for the "/wp-json/salesmanago/v1/callbackApiV3" API endpoint, which is a SHA1 hash of the site URL and client id found in the page source of the website. This allows unauthenticated attackers to inject arbitrary content into the log files. When combined with another issue, this could have significant consequences.

Recommendations For versions up to, and including, 3.2.4, update to a version that addresses this issue. As a temporary workaround, consider restricting access to the "/wp-json/salesmanago/v1/callbackApiV3" API endpoint until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-305CWE-287

Related Identifiers

CVE-2023-4939

Affected Products

Salesmanago

PT-2023-31199 · WordPress · Salesmanago

CVE-2023-4939

Weakness Enumeration

Related Identifiers

Affected Products

References · 7