CVE-2023-0958

Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.

*Credits: Chloe Chamberland

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-02-22 CVE Reserved
2023-07-27 CVE Published
2024-08-03 EPSS Updated
2024-09-27 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (23)

URL	Tag	Source
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427	Product
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434	Product
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426	Product
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434	Product
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339	Product
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351	Product
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427	Product
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427	Product
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427	Product
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432	Product
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427	Product
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343	Product
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351	Product
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424	Product
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434	Product
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424	Product
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438	Product
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php	2023-11-07
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=	2023-11-07
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4	2023-11-07
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Backupbliss Search vendor "Backupbliss"		Backup Migration Search vendor "Backupbliss" for product "Backup Migration"				< 1.2.8 Search vendor "Backupbliss" for product "Backup Migration" and version " < 1.2.8"		wordpress		Affected
Backupbliss Search vendor "Backupbliss"		Clone Search vendor "Backupbliss" for product "Clone"				< 2.3.8 Search vendor "Backupbliss" for product "Clone" and version " < 2.3.8"		wordpress		Affected
Copy-delete-posts Search vendor "Copy-delete-posts"		Duplicate Post Search vendor "Copy-delete-posts" for product "Duplicate Post"				< 1.4.0 Search vendor "Copy-delete-posts" for product "Duplicate Post" and version " < 1.4.0"		wordpress		Affected
Inisev Search vendor "Inisev"		Redirection Search vendor "Inisev" for product "Redirection"				< 1.1.4 Search vendor "Inisev" for product "Redirection" and version " < 1.1.4"		wordpress		Affected
Inisev Search vendor "Inisev"		Rss Redirect \& Feedburner Alternative Search vendor "Inisev" for product "Rss Redirect \& Feedburner Alternative"				< 3.8 Search vendor "Inisev" for product "Rss Redirect \& Feedburner Alternative" and version " < 3.8"		wordpress		Affected
Inisev Search vendor "Inisev"		Ssl Mixed Content Fix Search vendor "Inisev" for product "Ssl Mixed Content Fix"				< 3.2.4 Search vendor "Inisev" for product "Ssl Mixed Content Fix" and version " < 3.2.4"		wordpress		Affected
Mypopups Search vendor "Mypopups"		Pop-up Search vendor "Mypopups" for product "Pop-up"				< 1.2.0 Search vendor "Mypopups" for product "Pop-up" and version " < 1.2.0"		wordpress		Affected
Socialshare Search vendor "Socialshare"		Social Share Icons \& Social Share Buttons Search vendor "Socialshare" for product "Social Share Icons \& Social Share Buttons"				< 3.5.8 Search vendor "Socialshare" for product "Social Share Icons \& Social Share Buttons" and version " < 3.5.8"		wordpress		Affected
Themecheck Search vendor "Themecheck"		Enhanced Text Widget Search vendor "Themecheck" for product "Enhanced Text Widget"				< 1.5.8 Search vendor "Themecheck" for product "Enhanced Text Widget" and version " < 1.5.8"		wordpress		Affected
Themecheck Search vendor "Themecheck"		Ultimate Posts Widget Search vendor "Themecheck" for product "Ultimate Posts Widget"				< 2.2.5 Search vendor "Themecheck" for product "Ultimate Posts Widget" and version " < 2.2.5"		wordpress		Affected
Ultimatelysocial Search vendor "Ultimatelysocial"		Social Media Share Buttons \& Social Sharing Icons Search vendor "Ultimatelysocial" for product "Social Media Share Buttons \& Social Sharing Icons"				< 2.8.2 Search vendor "Ultimatelysocial" for product "Social Media Share Buttons \& Social Sharing Icons" and version " < 2.8.2"		wordpress		Affected