Published on: Not Yet Published
Last Modified on: 01/25/2023 09:29:00 PM UTC
CVE-2023-0403Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Social Warfare from Warfareplugins contain the following vulnerability:
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- CVE-2023-0403 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: warfareplugins - Social Sharing Plugin – Social Warfare version = *
CVSS3 Score: 5.4 - MEDIUM
|Social Warfare <= 4.4.0 - Cross-Site Request Forgery|| www.wordfence.com |
|403 Forbidden|| plugins.trac.wordpress.org |
Inactive LinkNot Archived
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
No vendor comments have been submitted for this CVE
|@CVEreport||CVE-2023-0403 : The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up… twitter.com/i/web/status/1…||2023-01-19 15:05:36|
|@Robo_Alerts||Potentially Critical CVE Detected! CVE-2023-0403 The Social Warfare plugin for WordPress is vulnerable to Cross-Sit… twitter.com/i/web/status/1…||2023-01-19 15:56:01|