CVE-2023-0497: HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Ht Portfolio | <1.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-0497?
CVE-2023-0497 is a vulnerability in the HT Portfolio WordPress plugin before version 1.1.6 that allows attackers to activate arbitrary plugins via a CSRF attack.
How does CVE-2023-0497 impact WordPress?
CVE-2023-0497 allows attackers to activate arbitrary plugins on a WordPress blog by exploiting a CSRF vulnerability in the HT Portfolio plugin.
What is the severity of CVE-2023-0497?
CVE-2023-0497 has a severity score of 4.3, which is classified as medium.
How can I fix CVE-2023-0497?
To fix CVE-2023-0497, update the HT Portfolio plugin to version 1.1.6 or later.
Is there any additional information about CVE-2023-0497?
You can find more information about CVE-2023-0497 at the following link: [https://wpscan.com/vulnerability/ae5b7776-9d0d-4db8-81c3-237b16cd9c62]
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hasthemes
- canonical/hasthemes ht portfolio