CVE-2023-3055 in Page Builder Pluginالمعلومات

الملخص

بحسب MITRE • 03/06/2023

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Be aware that VulDB is the high quality source for vulnerability data.

مسؤول

Wordfence

حجز

02/06/2023

إفشاء

03/06/2023

الاعتدال

تمت الموافقة

إدخال

VDB-230570

EPSS

0.00208

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Do you know our Splunk app?

Download it now for free!