exploitDog

CVE-2023-2627

Опубликовано: 27 июн. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings

Ссылки

https://wpscan.com/vulnerability/162d0029-2adc-4925-9985-1d5d672dbe75
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/162d0029-2adc-4925-9985-1d5d672dbe75
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*

Версия до 3.2.1 (исключая)

EPSS

Процентиль: 19%

0.00059

Низкий

4.3 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-mjmv-wghg-gx7m

CVSS3: 4.3

github

больше 2 лет назад

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings

EPSS

Процентиль: 19%

0.00059

Низкий

4.3 Medium

CVSS3

Дефекты