CVE-2023-49148 (GCVE-0-2023-49148)
Vulnerability from cvelistv5 – Published: 2023-12-18 22:08 – Updated: 2024-08-02 21:46
VLAI?
Title
WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.
Severity ?
5.4 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kulwant Nagi | Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates |
Affected:
n/a , ≤ 3.0.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "affiliatebooster-blocks",
"product": "Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates",
"vendor": "Kulwant Nagi",
"versions": [
{
"lessThanOrEqual": "3.0.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "LEE SE HYOUNG (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster \u2013 Pros \u0026amp; Cons, Notice, and CTA Blocks for Affiliates.\u003cp\u003eThis issue affects Affiliate Booster \u2013 Pros \u0026amp; Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T22:08:11.992Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates Plugin \u003c= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49148",
"datePublished": "2023-12-18T22:08:11.992Z",
"dateReserved": "2023-11-22T23:35:38.289Z",
"dateUpdated": "2024-08-02T21:46:29.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-49148",
"date": "2026-04-25",
"epss": "0.00059",
"percentile": "0.18358"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:affiliatebooster:affiliate_booster:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"3.0.5\", \"matchCriteriaId\": \"126A19C5-734F-46E5-92B8-BEACE4166310\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster \\u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster \\u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Kulwant Nagi Affiliate Booster \\u2013 Pros \u0026amp; Cons, Notice, and CTA Blocks for Affiliates. Este problema afecta a Kulwant Nagi Affiliate Booster \\u2013 Pros \u0026amp; Cons, Notice, and CTA Blocks for Affiliates: desde n/a hasta 3.0.5.\"}]",
"id": "CVE-2023-49148",
"lastModified": "2024-11-21T08:32:55.847",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"audit@patchstack.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-12-18T22:15:10.347",
"references": "[{\"url\": \"https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"audit@patchstack.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-49148\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2023-12-18T22:15:10.347\",\"lastModified\":\"2024-11-21T08:32:55.847\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Kulwant Nagi Affiliate Booster \u2013 Pros \u0026amp; Cons, Notice, and CTA Blocks for Affiliates. Este problema afecta a Kulwant Nagi Affiliate Booster \u2013 Pros \u0026amp; Cons, Notice, and CTA Blocks for Affiliates: desde n/a hasta 3.0.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:affiliatebooster:affiliate_booster:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"3.0.5\",\"matchCriteriaId\":\"126A19C5-734F-46E5-92B8-BEACE4166310\"}]}]}],\"references\":[{\"url\":\"https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…