CVE-2023-24417 - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tiggerswelt	Worthy

Configuration 1 [-]

cpe:2.3:a:tiggerswelt:worthy:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/wp-worthy/wordpress-worthy-vg-wort-integration-fuer-wordpress-plugin-1-6-5-6497609-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-07-11T12:38:29.231Z

Updated: 2023-07-11T12:38:29.231Z

Reserved: 2023-01-23T18:16:53.496Z

Link: CVE-2023-24417

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-11T13:15:09.457

Modified: 2023-07-18T18:22:06.920

Link: CVE-2023-24417

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-24417", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-01-23T18:16:53.496Z", "datePublished": "2023-07-11T12:38:29.231Z", "dateUpdated": "2023-07-11T12:38:29.231Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-worthy", "product": "Worthy", "vendor": "tiggersWelt.net", "versions": [{"lessThanOrEqual": "1.6.5-6497609", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "yuyudhn (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <=<span style=\"background-color: var(--wht);\"> 1.6.5-6497609 versions.</span>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <=\u00a01.6.5-6497609 versions."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-07-11T12:38:29.231Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wp-worthy/wordpress-worthy-vg-wort-integration-fuer-wordpress-plugin-1-6-5-6497609-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Worthy \u2013 VG WORT Integration f\u00fcr WordPress Plugin <= 1.6.5-6497609 is vulnerable to Cross Site Request Forgery (CSRF)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}