Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:6797311E-DE17-4716-AC93-15522F926C3B
HistoryJun 19, 2023 - 12:00 a.m.

CMS Commander < 2.288 - Unauthenticated Authorisation Bypass

2023-06-1900:00:00
wpscan.com
4
cms commander
unauthenticated
authorisation bypass
cryptographic signature
remote control
administrator access

0.002 Low

EPSS

Percentile

54.4%

JSON

The plugin does not use a sufficient unique cryptographic signature in its cmsc_add_site feature, which could allow unauthenticated users to update the _cmsc_public_key settings when the plugin has not been configured yet, and get access to the plugin’s remote control features such as creating an administrator access URL

CPENameOperatorVersion
cms-commander-clientlt2.288

Related

cvelist 1
cve 1
nvd 1
prion 1
wordfence 1
cvelist
cvelist
CVE-2023-3325
2023-06-20 04:27:34
cve
cve
CVE-2023-3325
2023-06-20 05:15:09
nvd
nvd
CVE-2023-3325
2023-06-20 05:15:09
prion
prion
Authorization
2023-06-20 05:15:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
2023-06-29 13:24:24

0.002 Low

EPSS

Percentile

54.4%

JSON
Related for WPVDB-ID:6797311E-DE17-4716-AC93-15522F926C3B
cvelist1cve1nvd1prion1wordfence1