CVE-2023-0958 – Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function
https://notcve.org/view.php?id=CVE-2023-0958
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability. • https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427 https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434 https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426 https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434 https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339 • CWE-862: Missing Authorization •
CVE-2023-3977 – Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function
https://notcve.org/view.php?id=CVE-2023-3977
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427 https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434 https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426 https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434 https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-1331 – Redirection < 1.1.5 - Plugin Reset via CSRF
https://notcve.org/view.php?id=CVE-2023-1331
The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. The Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the 'uninstall' function hooked via admin_post. This makes it possible for unauthenticated attackers to deactivate and reset the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/f81d9340-cf7e-46c4-b669-e61f2559cb8c • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-1330 – Redirection < 1.1.4 - Redirect Creation via CSRF
https://notcve.org/view.php?id=CVE-2023-1330
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. The Redirect Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the addRedirect function. This makes it possible for unauthenticated attackers to add redirects, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/de4cff6d-0030-40e6-8221-fef56e12b4de • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-1580 – Redirection Page <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1580
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php. Múltiples vulnerabilidades de CSRF en el plugin Redirection Page 1.2 para WordPress permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) cambian las configuraciones de los plugins o realizan ataques de XSS a través del parámetro (2) source o (3) redir en una acción de añadir en la página de redirección en wp-admin/options-general.php. • http://packetstormsecurity.com/files/130314/WordPress-Redirection-Page-1.2-CSRF-XSS.html • CWE-352: Cross-Site Request Forgery (CSRF) •