exploitDog

CVE-2023-2334

Опубликовано: 15 мая 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/95562684-2bb1-46f0-838c-8501db6b43ed/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:westerndeal:easy_digital_downloads_google_sheet_connector:*:*:*:*:*:wordpress:*:*

Версия до 1.6.6 (исключая)

Конфигурация 2

cpe:2.3:a:gsheetconnector:edd_gsheetconnector:*:*:*:*:pro:wordpress:*:*

Версия до 1.4 (исключая)

EPSS

Процентиль: 4%

0.00019

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-phfp-9x4x-56gj

CVSS3: 5.4

github

9 месяцев назад

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

EPSS

Процентиль: 4%

0.00019

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-352