exploitDog

CVE-2023-2628

Опубликовано: 27 июн. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc)

Ссылки

https://wpscan.com/vulnerability/e0741e2c-c529-4815-8744-16e01cdb0aed
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e0741e2c-c529-4815-8744-16e01cdb0aed
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*

Версия до 3.2.1 (исключая)

EPSS

Процентиль: 35%

0.00143

Низкий

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-638h-xgr5-q9r9

CVSS3: 8.8

github

больше 2 лет назад

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc)

EPSS

Процентиль: 35%

0.00143

Низкий

8.8 High

CVSS3

Дефекты