CVE-2023-3977

Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

18
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery leading to unauthorized installation of plugins due to a missing nonce check on the handle_installation function, which is called via the inisev_installation AJAX action in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

*Credits: Chloe Chamberland
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-07-27 CVE Reserved
  • 2023-07-27 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-11-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (23)
URL Date SRC
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427 2024-08-02
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434 2024-08-02
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426 2024-08-02
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434 2024-08-02
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339 2024-08-02
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351 2024-08-02
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427 2024-08-02
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427 2024-08-02
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427 2024-08-02
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432 2024-08-02
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427 2024-08-02
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343 2024-08-02
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351 2024-08-02
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424 2024-08-02
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434 2024-08-02
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424 2024-08-02
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438 2024-08-02
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432 2024-08-02
Affected Vendors, Products, and Versions
Vendor             Product                                             Version   Other      Status
Backupbliss        Backup Migration                                    < 1.2.8   wordpress  Affected
Backupbliss        Clone                                               < 2.3.8   wordpress  Affected
Copy-delete-posts  Duplicate Post                                      < 1.4.0   wordpress  Affected
Inisev             Redirection                                         < 1.1.4   wordpress  Affected
Inisev             Rss Redirect & Feedburner Alternative               < 3.8     wordpress  Affected
Inisev             Ssl Mixed Content Fix                               < 3.2.4   wordpress  Affected
Mypopups           Pop-up                                              < 1.2.0   wordpress  Affected
Themecheck         Enhanced Text Widget                                < 1.5.8   wordpress  Affected
Themecheck         Ultimate Posts Widget                               < 2.2.5   wordpress  Affected
Ultimatelysocial   Social Media Share Buttons & Social Sharing Icons   < 3.5.8   wordpress  Affected