CVE-2023-0403: CSRF
First published: Thu Jan 19 2023(Updated: )
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Warfareplugins Social Warfare | <4.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-0403?
CVE-2023-0403 refers to a vulnerability in the Social Warfare plugin for WordPress, which allows unauthenticated attackers to perform Cross-Site Request Forgery attacks.
What is the severity of CVE-2023-0403?
CVE-2023-0403 has a severity rating of medium with a CVSS score of 5.4.
How does CVE-2023-0403 affect the Social Warfare plugin?
CVE-2023-0403 affects versions up to and including 4.4.0 of the Social Warfare plugin for WordPress.
What can unauthenticated attackers do with CVE-2023-0403?
Unauthenticated attackers can use CVE-2023-0403 to delete post meta information and reset necessary settings.
How can I fix CVE-2023-0403?
To fix CVE-2023-0403, it is recommended to update the Social Warfare plugin to a version higher than 4.4.0.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/warfareplugins
- canonical/warfareplugins social warfare