CVE-2023-47870

WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF)

CVSS 7.1 HIGHEPSS 0.3%CWE-352 CWE-862

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 nov 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Produtos afetados

gVectors Team · wpForo Forum

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve