CVE-2023-0505: Ever Compare <= 1.2.3 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Ever Compare | <=1.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-0505?
CVE-2023-0505 is a vulnerability in the Ever Compare WordPress plugin through version 1.2.3 that allows attackers to activate arbitrary plugins via a CSRF attack.
How does CVE-2023-0505 affect the Ever Compare plugin?
CVE-2023-0505 affects the Ever Compare plugin by not having a CSRF check when activating plugins, allowing attackers to activate arbitrary plugins.
What is the severity of CVE-2023-0505?
CVE-2023-0505 has a severity value of 4.3, which is considered medium.
How can I fix CVE-2023-0505?
To fix CVE-2023-0505, update the Ever Compare plugin to version 1.2.4 or later, which includes a CSRF check when activating plugins.
Where can I find more information about CVE-2023-0505?
You can find more information about CVE-2023-0505 at the following reference link: [https://wpscan.com/vulnerability/dbabff3e-b021-49ed-aaf3-b73a77d4b354](https://wpscan.com/vulnerability/dbabff3e-b021-49ed-aaf3-b73a77d4b354)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hasthemes
- canonical/hasthemes ever compare
- version/hasthemes ever compare/1.2.3