CVE-2023-46641 - OpenCVE

Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Code4recovery	12 Step Meeting List

Configuration 1 [-]

cpe:2.3:a:code4recovery:12_step_meeting_list:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/12-step-meeting-list/wordpress-12-step-meeting-list-plugin-3-14-24-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-12-07T10:55:27.082Z

Updated: 2023-12-07T10:55:27.082Z

Reserved: 2023-10-24T13:10:46.643Z

Link: CVE-2023-46641

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-07T11:15:08.007

Modified: 2023-12-12T17:11:31.140

Link: CVE-2023-46641

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46641", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-10-24T13:10:46.643Z", "datePublished": "2023-12-07T10:55:27.082Z", "dateUpdated": "2023-12-07T10:55:27.082Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "12-step-meeting-list", "product": "12 Step Meeting List", "vendor": "Code for Recovery", "versions": [{"changes": [{"at": "3.14.25", "status": "unaffected"}], "lessThanOrEqual": "3.14.24", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Shahzaib Ali Khan (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.<p>This issue affects 12 Step Meeting List: from n/a through 3.14.24.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-07T10:55:27.082Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/12-step-meeting-list/wordpress-12-step-meeting-list-plugin-3-14-24-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 3.14.25 or a higher version."}], "value": "Update to\u00a03.14.25 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress 12 Step Meeting List Plugin <= 3.14.24 is vulnerable to Server Side Request Forgery (SSRF)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}