Severity
Medium
Analysis Summary
CVE-2023-24008 CVSS:4.3
Spam blacklist Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-25029 CVSS:4.3
WP Social Bookmarking Light Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-25034 CVSS:4.3
WP Clean Up Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-25038 CVSS:4.3
For the visually impaired Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-25058 CVSS:4.3
All In One Schema Rich Snippets Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-25470 CVSS:4.3
Rus-To-Lat Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-24008
- CVE-2023-25029
- CVE-2023-25034
- CVE-2023-25038
- CVE-2023-25058
- CVE-2023-25470
Affected Vendors
WordPress
Affected Products
- Spam Blacklist Plugin for WordPress 0.7.8
- WP Social Bookmarking Light Plugin for WordPress 2.0.7
- WP Clean Up Plugin for WordPress 1.2.3
- For the visually impaired Plugin for WordPress 0.58
- All In One Schema Rich Snippets Plugin for WordPress 1.6.5
- Rus-To-Lat Plugin for WordPress 0.3
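
To check a site against the list above, the following added example (not part of the original advisory) compares a plugin inventory with the listed versions. It assumes the inventory is JSON in the shape produced by `wp plugin list --fields=name,title,version --format=json`, that each plugin's title matches the name used in this advisory, and that the listed version and anything older is affected; the sample inventory and its slugs are constructed.

```python
import json

# Affected products as listed in this advisory: plugin name -> listed version.
AFFECTED = {
    "Spam Blacklist": "0.7.8",
    "WP Social Bookmarking Light": "2.0.7",
    "WP Clean Up": "1.2.3",
    "For the visually impaired": "0.58",
    "All In One Schema Rich Snippets": "1.6.5",
    "Rus-To-Lat": "0.3",
}

def norm(title):
    """Case- and punctuation-insensitive key for comparing plugin titles."""
    return "".join(ch for ch in title.lower() if ch.isalnum())

def vtuple(version):
    """'1.2.3.0' -> (1, 2, 3). Components compare as integers, so 0.6 < 0.58."""
    parts = [int(p) if p.isdigit() else 0 for p in version.split(".")]
    while parts and parts[-1] == 0:   # ignore trailing zero components
        parts.pop()
    return tuple(parts)

def flag_affected(inventory_json):
    """Return [(title, installed, listed)] for plugins at or below a listed version.

    Assumption: the listed version and everything older is affected.
    A missing or unparseable version is flagged rather than silently passed.
    """
    wanted = {norm(name): ver for name, ver in AFFECTED.items()}
    hits = []
    for plugin in json.loads(inventory_json):
        listed = wanted.get(norm(plugin.get("title", "")))
        if listed is None:
            continue                  # not one of the plugins in this advisory
        installed = plugin.get("version", "")
        if vtuple(installed) <= vtuple(listed):
            hits.append((plugin["title"], installed, listed))
    return hits

# Constructed sample inventory (slugs and versions are illustrative only).
SAMPLE = json.dumps([
    {"name": "sample-slug-a", "title": "WP Clean Up", "version": "1.2.3"},
    {"name": "sample-slug-b", "title": "Rus-To-Lat", "version": "0.4"},
    {"name": "sample-slug-c", "title": "For The Visually Impaired", "version": "0.57"},
    {"name": "sample-slug-d", "title": "Hello Dolly", "version": "1.7.2"},
])

if __name__ == "__main__":
    for title, installed, listed in flag_affected(SAMPLE):
        print(f"{title}: installed {installed}, advisory lists {listed}")
```
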
Remediation
Upgrade to the latest version of Store Locator Plugin for WordPress, available from WordPress Plugin Directory.