CVE-2023-3320

Опубликовано: 20 июн. 2023

Источник: nvd

CVSS3: 6.1

CVSS3: 8.8

EPSS Низкий

Описание

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Ссылки

http://packetstormsecurity.com/files/173048/WordPress-WP-Sticky-Social-1.0.1-CSRF-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2926150%40wp-sticky-social&new=2926150%40wp-sticky-social
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/a272e12b-97a2-421a-a703-3acce2ed8313?source=cve
Third Party Advisory
http://packetstormsecurity.com/files/173048/WordPress-WP-Sticky-Social-1.0.1-CSRF-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2926150%40wp-sticky-social&new=2926150%40wp-sticky-social
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/a272e12b-97a2-421a-a703-3acce2ed8313?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp_sticky_social_project:wp_sticky_social:*:*:*:*:*:wordpress:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 76%

0.00982

Низкий

6.1 Medium

CVSS3

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-vcgj-xv6w-352p

CVSS3: 6.1

github

больше 2 лет назад

EPSS

Процентиль: 76%

0.00982

Низкий

6.1 Medium

CVSS3

8.8 High

CVSS3