CVE-2023-0502: WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Wp News | <=1.1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-0502.
What is the severity of CVE-2023-0502?
The severity of CVE-2023-0502 is medium, with a severity value of 6.5.
How does CVE-2023-0502 affect the WP News WordPress plugin?
CVE-2023-0502 affects the WP News WordPress plugin version 1.1.9.
What is the impact of CVE-2023-0502?
CVE-2023-0502 allows attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack.
Is there a fix for CVE-2023-0502?
At the moment, there is no known fix for CVE-2023-0502. It is recommended to update to the latest version of the WP News WordPress plugin when it becomes available.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hasthemes
- canonical/hasthemes wp news
- version/hasthemes wp news/1.1.9