exploitDog

CVE-2023-32625

Опубликовано: 21 июл. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.

Ссылки

https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers
Product
Release Notes
https://jvn.jp/en/jp/JVN90560760/
Third Party Advisory
https://ja.wordpress.org/plugins/ts-webfonts-for-sakura/#developers
Product
Release Notes
https://jvn.jp/en/jp/JVN90560760/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sakura:ts_webfonts:*:*:*:*:*:wordpress:*:*

Версия до 3.1.2 (включая)

EPSS

Процентиль: 32%

0.00124

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-h2wj-h26p-75wm

CVSS3: 4.3

github

больше 2 лет назад

Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.

EPSS

Процентиль: 32%

0.00124

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352