December 27, 2023
Severity
High
Analysis Summary
CVE-2023-49769 CVSS: 4.3
Integrate Google Drive Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-49744 CVSS: 5.4
Gift Up Gift Cards for WordPress and WooCommerce Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-49766 CVSS: 7.1
Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-6316 CVSS: 9.8
MW WP Form Plugin for WordPress could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions when the “Saving inquiry data in database” option is enabled. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVE-2023-49771 CVSS: 7.1
Smart External Link Click Monitor Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-47521 CVSS: 7.1
Q2W3 Post Order Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-6553 CVSS: 9.8
Backup Migration plugin for WordPress could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the /includes/backup-heart.php file. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-47871 CVSS: 8.8
Contact Form to Any API plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-48287 CVSS: 8.8
TextMe SMS plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-48777 CVSS: 8.8
Elementor Website Builder plugin for WordPress could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the template import function. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVE-2023-47548 CVSS: 4.7
Integrate Google Drive Plugin for WordPress could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
CVE-2023-5761 CVSS: 9.8
Burst Statistics plugin for WordPress and Burst Statistics Pro plugin for WordPress are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements using the url parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2023-6219 CVSS: 7.2
BookingPress Plugin for WordPress could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the bookingpress_process_upload function. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVE-2023-48752 CVSS: 7.1
Happyforms plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Cross-Site Scripting
- Code Execution
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-49769
- CVE-2023-49744
- CVE-2023-49766
- CVE-2023-6316
- CVE-2023-49771
- CVE-2023-47521
- CVE-2023-6553
- CVE-2023-47871
- CVE-2023-48287
- CVE-2023-48777
- CVE-2023-47548
- CVE-2023-5761
- CVE-2023-6219
- CVE-2023-48752
Affected Vendors
WordPress
Affected Products
- Integrate Google Drive Plugin for WordPress 2.2.24
- Gift Up Gift Cards for WordPress and WooCommerce Plugin for WordPress 2.21.3
- Themefic Ultimate Addons for Contact Form 7 plugin for WordPress 3.2.0
- MW WP Form Plugin for WordPress 5.0.1
- Smart External Link Click Monitor Plugin for WordPress 5.0.2
- Q2W3 Post Order Plugin for WordPress 1.2.8
- Backup Migration plugin for WordPress 1.3.7
- Contact Form to Any API plugin for WordPress 1.1.6
- TextMe SMS plugin for WordPress 1.9.0
- Elementor Elementor Website Builder plugin for WordPress 3.18.1
- Integrate Google Drive Plugin for WordPress 1.3.2
- Burst Statistics plugin for WordPress 1.4.0
- Burst Statistics Pro plugin for WordPress 1.4.0
- BookingPress plugin for WordPress 1.0.30
- Happyforms plugin for WordPress 1.21.0
- Happyforms plugin for WordPress 1.20.0
Remediation
Refer to the WordPress Plugin Directory for patch, upgrade, or suggested workaround information.
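As an added example (not part of this advisory), the following triage script reads the JSON output of WP-CLI's `wp plugin list --fields=title,version --format=json` and flags any installed plugin whose version is at or below the versions in the Affected Products list above. The "at or below" reading of each listed version and the WP-CLI field names are assumptions, and the sample plugin list is constructed for the example.

```python
import json
import re
# Affected products exactly as this advisory lists them: (product name, version).
# Assumption: a listed version means that version and earlier; confirm against the
# CVE record before acting on a match.
ADVISORY_AFFECTED = [
    ("Integrate Google Drive Plugin for WordPress", "2.2.24"),
    ("Gift Up Gift Cards for WordPress and WooCommerce Plugin for WordPress", "2.21.3"),
    ("Themefic Ultimate Addons for Contact Form 7 plugin for WordPress", "3.2.0"),
    ("MW WP Form Plugin for WordPress", "5.0.1"),
    ("Smart External Link Click Monitor Plugin for WordPress", "5.0.2"),
    ("Q2W3 Post Order Plugin for WordPress", "1.2.8"),
    ("Backup Migration plugin for WordPress", "1.3.7"),
    ("Contact Form to Any API plugin for WordPress", "1.1.6"),
    ("TextMe SMS plugin for WordPress", "1.9.0"),
    ("Elementor Elementor Website Builder plugin for WordPress", "3.18.1"),
    ("Integrate Google Drive Plugin for WordPress", "1.3.2"),
    ("Burst Statistics plugin for WordPress", "1.4.0"),
    ("Burst Statistics Pro plugin for WordPress", "1.4.0"),
    ("BookingPress plugin for WordPress", "1.0.30"),
    ("Happyforms plugin for WordPress", "1.21.0"),
    ("Happyforms plugin for WordPress", "1.20.0"),
]
NOISE = {"plugin", "for", "wordpress"}

def normalize(name):
    """Lower-case and drop filler words: 'MW WP Form Plugin for WordPress' -> 'mw wp form'."""
    return " ".join(w for w in re.findall(r"[a-z0-9]+", name.lower()) if w not in NOISE)

def version_key(v, width=4):
    """'3.18.1' -> (3, 18, 1, 0): numeric parts only, zero-padded so 1.4 == 1.4.0."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    return tuple((parts + [0] * width)[:width])

def find_affected(wp_plugin_list_json):
    """Return (title, installed version, advisory product, affected version) per match."""
    hits = []
    for plugin in json.loads(wp_plugin_list_json):
        title = normalize(plugin["title"])
        for product, affected in ADVISORY_AFFECTED:
            # Loose substring match on the title: a hit means "review against the CVE".
            if title and title in normalize(product) and version_key(plugin["version"]) <= version_key(affected):
                hits.append((plugin["title"], plugin["version"], product, affected))
    return hits

# Constructed sample of `wp plugin list --fields=title,version --format=json` output.
SAMPLE = json.dumps([
    {"title": "Elementor", "version": "3.18.1"},   # at the listed version
    {"title": "MW WP Form", "version": "5.1.0"},   # above the listed version
    {"title": "Happyforms", "version": "1.20.0"},  # below the listed version
])
```

Pipe the real WP-CLI output into `find_affected` and treat each hit as a plugin to update or verify, not as a confirmed compromise.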