CVE-2023-0501: WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Wp Insurance | <2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2023-0501.
What is the severity rating of CVE-2023-0501?
The severity rating of CVE-2023-0501 is medium (6.5).
What is the affected software for CVE-2023-0501?
The affected software for CVE-2023-0501 is the WP Insurance WordPress plugin before version 2.1.4.
What is the CWE ID for CVE-2023-0501?
The CWE ID for CVE-2023-0501 is CWE-352.
How can an attacker exploit CVE-2023-0501?
An attacker can exploit CVE-2023-0501 by performing a CSRF attack to make logged in admins activate arbitrary plugins present on the blog.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hasthemes
- canonical/hasthemes wp insurance