Lucene search
WPScanCVE-2023-0497HistoryMar 27, 2023 - 4:15 p.m.
CVE-2023-0497
2023-03-2716:15:08
WPScan
web.nvd.nist.gov
31
cve-2023-0497
ht portfolio
wordpress plugin
csrf
csrf attack
security vulnerability
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
32.8%
The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Affected configurations
Node
hasthemesht_portfolioRange<1.1.6wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hasthemes | ht_portfolio | * | cpe:2.3:a:hasthemes:ht_portfolio:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "HT Portfolio",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.1.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF
2023-02-28 00:00:00
cvelist
cvelist
CVE-2023-0497 HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF
2023-03-27 15:37:43
nvd
nvd
CVE-2023-0497
2023-03-27 16:15:08
wpexploit
wpexploit
HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF
2023-02-28 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-03-27 16:15:00
wordfence
wordfence
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
32.8%
Related for CVE-2023-0497