PT-2023-31690 · Unknown+2 · Login Lockdown+4

Mika · Published 2023-12-28 · Updated 2024-02-15 · CVE-2023-50858

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan, versions n/a through 4.34
Description: A Cross-Site Request Forgery (CSRF) issue affects the plugins listed above. In a CSRF attack the victim's browser is induced to submit a request that the vulnerable site treats as a deliberate action by that logged-in user, so an attacker can perform actions on the user's behalf without their knowledge. No estimate of the number of potentially affected devices worldwide is provided, and there is no information about real-world incidents in which this issue was exploited. The available technical details on exploitation state that attackers may be able to manipulate user interactions through the username and password variables in API endpoints such as "/api/v1/login" or "/users/{id}".
Recommendations: For versions n/a through 4.34, update to a version that includes a fix for this issue, if one is available. As a temporary workaround, consider disabling the checkPassword() function or restricting access to the vulnerable login module until a patch is available, and avoid using the user id variable in the affected API endpoints until the issue is resolved. If no specific fix is provided for a particular version, follow best practices for securing user interactions and authentication processes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
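To illustrate the defect class behind a WordPress plugin CSRF finding like this one, here is an added example (not code from Login Lockdown or any of the other listed plugins) of a settings handler that applies a state-changing POST with no request-origin check, beside the hardened form that binds the request to a WordPress nonce and a capability check. The option name, action slugs and form field names are assumptions.

```php
<?php
// Added illustration, not code from any of the plugins named in this advisory.
// Option name, action slugs and field names are assumptions.

// VULNERABLE: any POST that reaches admin-post.php?action=ll_save_vulnerable
// while an administrator is logged in updates the option, regardless of
// which site rendered the form that sent it.
add_action( 'admin_post_ll_save_vulnerable', 'll_save_vulnerable' );
function ll_save_vulnerable() {
    $attempts = isset( $_POST['max_attempts'] ) ? (int) $_POST['max_attempts'] : 0;
    update_option( 'll_max_attempts', $attempts ); // no nonce, no capability check
    wp_safe_redirect( admin_url( 'options-general.php?page=ll&saved=1' ) );
    exit;
}

// HARDENED: the request must carry a nonce that only a page rendered for this
// user contains, and the user must be allowed to change settings at all.
add_action( 'admin_post_ll_save', 'll_save_hardened' );
function ll_save_hardened() {
    // Calls wp_die() unless the 'll_nonce' field holds a valid nonce for the
    // 'll_save' action; a form built on another origin cannot supply one.
    check_admin_referer( 'll_save', 'll_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    $attempts = isset( $_POST['max_attempts'] ) ? absint( $_POST['max_attempts'] ) : 0;
    update_option( 'll_max_attempts', $attempts );
    wp_safe_redirect( admin_url( 'options-general.php?page=ll&saved=1' ) );
    exit;
}

// The settings form for the hardened handler embeds the matching nonce field.
function ll_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ll_save">
        <?php wp_nonce_field( 'll_save', 'll_nonce' ); ?>
        <label>Max attempts
            <input type="number" name="max_attempts"
                   value="<?php echo esc_attr( get_option( 'll_max_attempts', 5 ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this weakness, every handler registered on admin_post_*, wp_ajax_* or a REST route that writes options or user data should show a nonce or permission_callback check before the write, as the hardened handler does.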

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-50858

Affected Products

Disable Json Api
Login Lockdown
Pingback
Stop User Enumeration Anti Hacker Scan
Xmlrpc