exploitDog

CVE-2023-2495

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.

Ссылки

https://wpscan.com/vulnerability/45878983-7e9b-49c2-8f99-4c28aab24f09
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/45878983-7e9b-49c2-8f99-4c28aab24f09
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:greeklish-permalink_project:greeklish-permalink:*:*:*:*:*:wordpress:*:*

Версия до 3.3 (включая)

EPSS

Процентиль: 17%

0.00054

Низкий

4.3 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-pvx5-h7p4-ffvx

CVSS3: 4.3

github

больше 2 лет назад

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.

EPSS

Процентиль: 17%

0.00054

Низкий

4.3 Medium

CVSS3

Дефекты