CVE-2023-36690 - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vibethemes	Wordpress Learning Management System

Configuration 1 [-]

cpe:2.3:a:vibethemes:wordpress_learning_management_system_:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/wplms/wordpress-wplms-theme-4-600-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-07-11T12:01:02.045Z

Updated: 2023-07-11T12:01:02.045Z

Reserved: 2023-06-26T12:05:50.939Z

Link: CVE-2023-36690

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-11T13:15:10.173

Modified: 2023-07-18T19:16:44.627

Link: CVE-2023-36690

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-36690", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-06-26T12:05:50.939Z", "datePublished": "2023-07-11T12:01:02.045Z", "dateUpdated": "2023-07-11T12:01:02.045Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net/", "defaultStatus": "unaffected", "packageName": "wplms", "product": "WPLMS", "vendor": "VibeThemes", "versions": [{"changes": [{"at": "4.900", "status": "unaffected"}], "lessThan": "4.900", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dave Jong (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <=<span style=\"background-color: var(--wht);\"> 4.900 versions.</span>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <=\u00a04.900 versions."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-07-11T12:01:02.045Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wplms/wordpress-wplms-theme-4-600-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.900 or a higher version."}], "value": "Update to\u00a04.900 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}