November 27, 2023
Severity
Medium
Analysis Summary
CVE-2023-47790 CVSS:7.1
Pz-LinkCard Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-5338 CVSS:6.4
Theme Blvd Shortcodes plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-47821 CVSS:6.5
Email Encoder Bundle Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-47819 CVSS:4.3
Easy Call Now by ThikShare Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-47792 CVSS:4.3
Big File Uploads Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-47791 CVSS:4.3
Leadster Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-47786 CVSS:6.5
LayerSlider Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-47817 CVSS:6.5
Daily Prayer Time Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-47816 CVSS:6.5
Charitable Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-47815 CVSS:6.5
BP Profile Shortcodes Extra Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Cross-Site Scripting
- Gain Access
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-47790
- CVE-2023-5338
- CVE-2023-47821
- CVE-2023-47819
- CVE-2023-47792
- CVE-2023-47791
- CVE-2023-47786
- CVE-2023-47817
- CVE-2023-47816
- CVE-2023-47815
Affected Vendors
WordPress
Affected Products
- LayerSlider Plugin for WordPress 7.7.9
- Theme Blvd Shortcodes plugin for WordPress 1.6.8
- Email Encoder Bundle Plugin for WordPress 2.1.8
- Easy Call Now by ThikShare Plugin for WordPress 1.1.0
- Big File Uploads Plugin for WordPress 2.1.1
- Leadster plugin for WordPress 1.1.2
- Daily Prayer Time Plugin for WordPress 2023.10.13
- Charitable Plugin for WordPress 1.7.0.13
- BP Profile Shortcodes Extra Plugin for WordPress 2.5.2
Remediation
Refer to the WordPress Plugin Directory for patch, upgrade, or suggested workaround information.
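The following added example (not part of the original alert) triages a plugin inventory against the Affected Products list above so that sites needing an upgrade can be found quickly. It assumes the inventory's `title` field matches the product name used in this alert and that the sample inventory is constructed; Pz-LinkCard is omitted because the alert lists no version for it.

```python
import re

# Product names and versions copied from the Affected Products list above.
AFFECTED = {
    "LayerSlider": "7.7.9",
    "Theme Blvd Shortcodes": "1.6.8",
    "Email Encoder Bundle": "2.1.8",
    "Easy Call Now by ThikShare": "1.1.0",
    "Big File Uploads": "2.1.1",
    "Leadster": "1.1.2",
    "Daily Prayer Time": "2023.10.13",
    "Charitable": "1.7.0.13",
    "BP Profile Shortcodes Extra": "2.5.2",
}

def version_key(version):
    """Turn '1.7.0.13' into (1, 7, 0, 13); trailing zeros and suffixes are dropped."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    while parts and parts[-1] == 0:
        parts.pop()  # so that '1.1.0' and '1.1' compare equal
    return tuple(parts)

def triage(inventory):
    """Return (product, installed, listed, status) for plugins named in the alert."""
    listed = {name.lower(): (name, ver) for name, ver in AFFECTED.items()}
    findings = []
    for plugin in inventory:
        hit = listed.get(plugin.get("title", "").strip().lower())
        if hit is None:
            continue  # plugin is not named in this alert
        name, bad = hit
        have, ref = version_key(plugin["version"]), version_key(bad)
        if have == ref:
            status = "listed-version"
        elif have < ref:
            # Assumption: the alert names one version only; verify older ones.
            status = "older-than-listed"
        else:
            status = "newer-than-listed"
        findings.append((name, plugin["version"], bad, status))
    return findings

# Constructed sample inventory (name/title/version records); slugs are hypothetical.
SAMPLE = [
    {"name": "layerslider", "title": "LayerSlider", "version": "7.7.9"},
    {"name": "charitable", "title": "Charitable", "version": "1.8.0"},
    {"name": "big-file-uploads", "title": "Big File Uploads", "version": "2.0"},
    {"name": "example-gallery", "title": "Example Gallery", "version": "3.2"},
]
```

Plugins reported as `listed-version` or `older-than-listed` should be checked against the plugin's changelog and upgraded; `newer-than-listed` still needs confirmation that the installed release contains the fix.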