Lucene search

[email protected]NVD:CVE-2023-4318

HistorySep 11, 2023 - 8:15 p.m.

CVE-2023-4318

2023-09-1120:15:12

[email protected]

web.nvd.nist.gov

wordpress plugin

csrf attack

cve-2023-4318

logged in admins

arbitrary effects

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

30.3%

JSON

The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack

Affected configurations

Nvd

Node

wow-companyherd_effectsRange<5.2.4wordpress

VendorProductVersionCPE
wow-companyherd_effects*cpe:2.3:a:wow-company:herd_effects:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wow-company	herd_effects	*	cpe:2.3:a:wow-company:herd_effects::::::wordpress::*

References

wpscan.com/vulnerability/93b40030-3706-4063-bf59-4ec983afdbb6

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

30.3%

JSON

Related for NVD:CVE-2023-4318

wpvulndb1 prion1 cve1 cvelist1 wpexploit1 wordfence1