Lucene search
WPScanCVE-2023-4318HistorySep 11, 2023 - 8:15 p.m.
CVE-2023-4318
2023-09-1120:15:12
WPScan
web.nvd.nist.gov
14
cve-2023-4318
herd effects
wordpress plugin
csrf
security vulnerability
nvd
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
30.3%
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack
Affected configurations
Node
wow-companyherd_effectsRange<5.2.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wow-company | herd_effects | * | cpe:2.3:a:wow-company:herd_effects:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Herd Effects",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "5.2.4"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Herd Effects < 5.2.4 - Effect Deletion via CSRF
2023-08-21 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-09-11 20:15:00
cvelist
cvelist
CVE-2023-4318 Herd Effects < 5.2.4 - Effect Deletion via CSRF
2023-09-11 19:46:05
wpexploit
wpexploit
Herd Effects < 5.2.4 - Effect Deletion via CSRF
2023-08-21 00:00:00
nvd
nvd
CVE-2023-4318
2023-09-11 20:15:12
wordfence
wordfence
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
30.3%
Related for CVE-2023-4318