Rewterz

Rewterz Threat Advisory – CVE-2023-3977 – Multiple plugins for WordPress by Inisev Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-3977

Multiple plugins for WordPress by Inisev are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the handle_installation function. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Impact

  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2023-3977

Affected Vendors

WordPress

Affected Products

  • Inisev Plugins for WordPress

Remediation

Upgrade to the latest version of Inisev Plugins, available from the WordPress Plugin Directory.

  • Backup Migration Plugin
  • Clone Plugin
  • Duplicate Post Plugin
