Lucene search

[email protected]NVD:CVE-2023-4214

HistoryNov 18, 2023 - 2:15 a.m.

CVE-2023-4214

2023-11-1802:15:49

CWE-640

[email protected]

web.nvd.nist.gov

cve-2023-4214

vulnerability

wordpress

apppresser

password resets

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.9%

JSON

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.

Affected configurations

NVD

Node

apppresserapppresserRange<4.3.0wordpress

References

plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182

plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567

plugins.trac.wordpress.org/changeset/2997160/apppresser

www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for NVD:CVE-2023-4214

cve1 prion1 wpvulndb1 cvelist1 wordfence1