exploitDog

CVE-2023-4059

Опубликовано: 04 сент. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

Ссылки

https://wpscan.com/vulnerability/fc719d12-2f58-4d1f-b696-0f937e706842
Third Party Advisory
https://wpscan.com/vulnerability/fc719d12-2f58-4d1f-b696-0f937e706842
Third Party Advisory
https://wpscan.com/vulnerability/fc719d12-2f58-4d1f-b696-0f937e706842
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*

Версия до 3.9.8 (исключая)

EPSS

Процентиль: 34%

0.00134

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-8xqw-5jx9-crgq

CVSS3: 4.3

github

больше 2 лет назад

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

EPSS

Процентиль: 34%

0.00134

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352