CVE-2023-3510 (GCVE-0-2023-3510)

Vulnerability from cvelistv5 – Published: 2023-09-11 19:46 – Updated: 2024-08-02 06:55
VLAI
Title
FTP Access <= 1.0 - Subscriber+ Stored XSS
Summary
The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user.
Assigner
References
URL Tags
https://wpscan.com/vulnerability/76abf4ac-5cc1-41… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown FTP Access Affected: 0 , ≤ 1.0 (custom)
Create a notification for this product.
Credits
Bob Matyas WPScan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "affected",
          "product": "FTP Access",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bob Matyas"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-11T19:46:07.825Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "FTP Access \u003c= 1.0 - Subscriber+ Stored XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-3510",
    "datePublished": "2023-09-11T19:46:07.825Z",
    "dateReserved": "2023-07-04T20:59:31.149Z",
    "dateUpdated": "2024-08-02T06:55:03.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-3510",
      "date": "2026-07-16",
      "epss": "0.00193",
      "percentile": "0.09103"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:danialhatami:ftp_access:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.0\", \"matchCriteriaId\": \"AC66056A-57D6-4DE3-8BE4-7B0F53E80FD0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user.\"}, {\"lang\": \"es\", \"value\": \"El complemento FTP Access WordPress hasta la versi\\u00f3n 1.0 no tiene autorizaci\\u00f3n ni verificaciones CSRF al actualizar su configuraci\\u00f3n y le falta sanitizaci\\u00f3n y escape en ellas, lo que permite a cualquier usuario autenticado, como el suscriptor, actualizarlas con payloads XSS, que se activar\\u00e1n cuando un administrador vea la configuraci\\u00f3n del complemento. El ataque tambi\\u00e9n podr\\u00eda realizarse mediante CSRF contra cualquier usuario autenticado.\"}]",
      "id": "CVE-2023-3510",
      "lastModified": "2024-11-21T08:17:25.400",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2023-09-11T20:15:10.040",
      "references": "[{\"url\": \"https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "contact@wpscan.com",
      "vulnStatus": "Modified"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3510\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2023-09-11T20:15:10.040\",\"lastModified\":\"2026-06-17T06:14:14.810\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user.\"},{\"lang\":\"es\",\"value\":\"El complemento FTP Access WordPress hasta la versi\u00f3n 1.0 no tiene autorizaci\u00f3n ni verificaciones CSRF al actualizar su configuraci\u00f3n y le falta sanitizaci\u00f3n y escape en ellas, lo que permite a cualquier usuario autenticado, como el suscriptor, actualizarlas con payloads XSS, que se activar\u00e1n cuando un administrador vea la configuraci\u00f3n del complemento. El ataque tambi\u00e9n podr\u00eda realizarse mediante CSRF contra cualquier usuario autenticado.\"}],\"affected\":[{\"source\":\"contact@wpscan.com\",\"affectedData\":[{\"vendor\":\"Unknown\",\"product\":\"FTP Access\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://wordpress.org/plugins\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"1.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:danialhatami:ftp_access:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.0\",\"matchCriteriaId\":\"AC66056A-57D6-4DE3-8BE4-7B0F53E80FD0\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "redhat_vex": {
      "current_release_date": "2025-05-28T22:48:03+00:00",
      "cve": "CVE-2023-3510",
      "id": "CVE-2023-3510",
      "initial_release_date": "2023-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "FTP Access \u003c= 1.0 - Subscriber+ Stored XSS",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3510.json",
      "version": "3"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…