CVE-2023-0504: HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HasThemes HT Politic | <2.3.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-0504?
CVE-2023-0504 is a vulnerability in the HT Politic WordPress plugin before 2.3.8 that allows attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack.
How does CVE-2023-0504 affect HT Politic?
CVE-2023-0504 affects HT Politic WordPress plugin version 2.3.8 and earlier by not having CSRF check when activating plugins.
What is the severity of CVE-2023-0504?
CVE-2023-0504 has a severity rating of medium with a CVSS score of 4.3.
How can I fix CVE-2023-0504?
To fix CVE-2023-0504, update your HT Politic WordPress plugin to version 2.3.8 or later.
Where can I find more information about CVE-2023-0504?
You can find more information about CVE-2023-0504 at the following reference: [https://wpscan.com/vulnerability/b427841d-a3ad-4e3a-8964-baad90a9aedb]
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hasthemes
- canonical/hasthemes ht politic