exploitDog

CVE-2023-3178

Published: 16 Jan 2024
Source: nvd
CVSS3: 4.3
EPSS: Low

Description

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.

Vulnerable configurations

Configuration 1
cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*
Versions before 2.5.7 (excluding)

EPSS

Percentile: 37%
0.00162
Low

4.3 Medium

CVSS3

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 4.3
github
about 2 years ago

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
