CVE-2023-52121 (GCVE-0-2023-52121)
Vulnerability from cvelistv5 – Published: 2024-01-05 09:22 – Updated: 2025-05-23 16:03
VLAI?
Summary
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2.
Severity ?
5.4 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NitroPack Inc. | NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images |
Affected:
n/a , ≤ 1.10.2
(custom)
|
Credits
Brandon Roldan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:10:25.416695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T16:03:32.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "nitropack",
"product": "NitroPack \u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images",
"vendor": "NitroPack Inc.",
"versions": [
{
"changes": [
{
"at": "1.10.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.10.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images.\u003cp\u003eThis issue affects NitroPack \u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images: from n/a through 1.10.2.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images.This issue affects NitroPack \u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images: from n/a through 1.10.2.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T09:22:33.176Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;1.10.3 or a higher version."
}
],
"value": "Update to\u00a01.10.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress NitroPack Plugin \u003c= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-52121",
"datePublished": "2024-01-05T09:22:33.176Z",
"dateReserved": "2023-12-28T11:38:51.767Z",
"dateUpdated": "2025-05-23T16:03:32.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nitropack:nitropack:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.10.2\", \"matchCriteriaId\": \"5A08335D-82C5-4663-9430-F22829943E16\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \\u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images.This issue affects NitroPack \\u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images: from n/a through 1.10.2.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Cross-Site Request Forgery (CSRF) en NitroPack Inc. NitroPack \\u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images. Este problema afecta a NitroPack \\u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images: desde n/a hasta 1.10.2.\"}]",
"id": "CVE-2023-52121",
"lastModified": "2024-11-21T08:39:13.323",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"audit@patchstack.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-01-05T10:15:13.337",
"references": "[{\"url\": \"https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"audit@patchstack.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-52121\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2024-01-05T10:15:13.337\",\"lastModified\":\"2024-11-21T08:39:13.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images.This issue affects NitroPack \u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images: from n/a through 1.10.2.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Cross-Site Request Forgery (CSRF) en NitroPack Inc. NitroPack \u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images. Este problema afecta a NitroPack \u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images: desde n/a hasta 1.10.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nitropack:nitropack:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.10.2\",\"matchCriteriaId\":\"5A08335D-82C5-4663-9430-F22829943E16\"}]}]}],\"references\":[{\"url\":\"https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:48:12.444Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T19:10:25.416695Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T19:10:27.242Z\"}}], \"cna\": {\"title\": \"WordPress NitroPack Plugin \u003c= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Brandon Roldan (Patchstack Alliance)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NitroPack Inc.\", \"product\": \"NitroPack \\u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.10.3\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.10.2\"}], \"packageName\": \"nitropack\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to\\u00a01.10.3 or a higher version.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to\u0026nbsp;1.10.3 or a higher version.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \\u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images.This issue affects NitroPack \\u2013 Cache \u0026 Speed Optimization for Core Web Vitals, Defer CSS \u0026 JavaScript, Lazy load Images: from n/a through 1.10.2.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \\u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images.\u003cp\u003eThis issue affects NitroPack \\u2013 Cache \u0026amp; Speed Optimization for Core Web Vitals, Defer CSS \u0026amp; JavaScript, Lazy load Images: from n/a through 1.10.2.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352 Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2024-01-05T09:22:33.176Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-52121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-23T16:03:32.096Z\", \"dateReserved\": \"2023-12-28T11:38:51.767Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2024-01-05T09:22:33.176Z\", \"assignerShortName\": \"Patchstack\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…