The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f7a20bea-c3d5-431b-bdcf-e189c81a561a | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/f7a20bea-c3d5-431b-bdcf-e189c81a561a | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/f7a20bea-c3d5-431b-bdcf-e189c81a561a - Exploit, Third Party Advisory |
01 Apr 2023, 01:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wpvar:wp_shamsi:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | (MISC) https://wpscan.com/vulnerability/f7a20bea-c3d5-431b-bdcf-e189c81a561a - Exploit, Third Party Advisory |
27 Mar 2023, 17:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-27 16:15
Updated : 2024-11-21 07:36
NVD link : CVE-2023-0335
Mitre link : CVE-2023-0335
CVE.ORG link : CVE-2023-0335
JSON object : View
Products Affected
wpvar
- wp_shamsi