CVE-2023-1088: WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF
First published: Mon Mar 27 2023(Updated: )
The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hasthemes Wp Plugin Manager | <1.1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-1088?
CVE-2023-1088 is a vulnerability in the WP Plugin Manager WordPress plugin before version 1.1.8 that allows attackers to activate arbitrary plugins present on the blog via a CSRF attack.
How severe is CVE-2023-1088?
CVE-2023-1088 has a severity rating of medium with a CVSS score of 4.3.
How does CVE-2023-1088 affect the WP Plugin Manager WordPress plugin?
CVE-2023-1088 affects the WP Plugin Manager WordPress plugin before version 1.1.8 by not having a CSRF check when activating plugins, allowing attackers to make logged in admins activate arbitrary plugins via CSRF attacks.
How can I fix CVE-2023-1088?
To fix CVE-2023-1088, update the WP Plugin Manager WordPress plugin to version 1.1.8 or later, which includes a CSRF check when activating plugins.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-1088?
The CWE ID for CVE-2023-1088 is CWE-352, which refers to Cross-Site Request Forgery (CSRF) vulnerabilities.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hasthemes
- canonical/hasthemes wp plugin manager