CVE-2023-48766 - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily.This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Svgator	Svgator

Configuration 1 [-]

cpe:2.3:a:svgator:svgator:*:*:*:*:*:*:wordpress:*

References

Link	Resource
https://patchstack.com/database/vulnerability/svgator/wordpress-svgator-add-animated-svg-easily-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-12-18T16:30:03.240Z

Updated: 2023-12-18T16:30:03.240Z

Reserved: 2023-11-18T22:10:24.155Z

Link: CVE-2023-48766

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-18T17:15:10.583

Modified: 2023-12-20T04:18:59.910

Link: CVE-2023-48766

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-48766", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-11-18T22:10:24.155Z", "datePublished": "2023-12-18T16:30:03.240Z", "dateUpdated": "2023-12-18T16:30:03.240Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "svgator", "product": "SVGator \u2013 Add Animated SVG Easily", "vendor": "SVGator", "versions": [{"lessThanOrEqual": "1.2.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdi Pranata (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator \u2013 Add Animated SVG Easily.<p>This issue affects SVGator \u2013 Add Animated SVG Easily: from n/a through 1.2.4.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator \u2013 Add Animated SVG Easily.This issue affects SVGator \u2013 Add Animated SVG Easily: from n/a through 1.2.4.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-18T16:30:03.240Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/svgator/wordpress-svgator-add-animated-svg-easily-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress SVGator \u2013 Add Animated SVG Easily Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:svgator:svgator:*:*:*:*:*:*:wordpress:*", "matchCriteriaId": "1DABE214-D1A6-40B2-8634-3DFB0AC1655E", "versionEndIncluding": "1.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator \u2013 Add Animated SVG Easily.This issue affects SVGator \u2013 Add Animated SVG Easily: from n/a through 1.2.4.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en SVGatorSVGator \u2013 Add Animated SVG Easily. Este problema afecta a SVGator \u2013 Add Animated SVG Easily: desde n/a hasta 1.2.4."}], "id": "CVE-2023-48766", "lastModified": "2023-12-20T04:18:59.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2023-12-18T17:15:10.583", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/svgator/wordpress-svgator-add-animated-svg-easily-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}