History: Dec 04, 2023 - 10:15 p.m.

CVE-2023-5979

2023-12-04 22:15:08
CWE-352
WPScan
web.nvd.nist.gov
wordpress
ecommerce
product catalog
plugin
csrf
security
vulnerability
nvd

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 17.8%

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as deleting all products.

Affected configurations

Nvd, Vulners

Node
implecode ecommerce_product_catalog, Range <3.3.26, wordpress

Vendor | Product | Version | CPE
implecode | ecommerce_product_catalog | * | cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "eCommerce Product Catalog Plugin for WordPress",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.3.26"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
