Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by SureTriggers

CVE-2023-49749 (GCVE-0-2023-49749)

Vulnerability from cvelistv5 – Published: 2023-12-15 15:45 – Updated: 2024-08-02 22:01
VLAI?
Title
WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!.This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
Vendor Product Version
SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! Affected: n/a , ≤ 1.0.23 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:26.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "suretriggers",
          "product": "SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!",
          "vendor": "SureTriggers",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.0.24",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.0.23",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026amp; Automate Everything!.\u003cp\u003eThis issue affects SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026amp; Automate Everything!: from n/a through 1.0.23.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!.This issue affects SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!: from n/a through 1.0.23.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-15T15:45:00.770Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;1.0.24 or a higher version."
            }
          ],
          "value": "Update to\u00a01.0.24 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress SureTriggers Plugin \u003c= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-49749",
    "datePublished": "2023-12-15T15:45:00.770Z",
    "dateReserved": "2023-11-30T13:22:02.831Z",
    "dateUpdated": "2024-08-02T22:01:26.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}