Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-24008 CVSS:4.3

Spam blacklist Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-25029 CVSS:4.3

WP Social Bookmarking Light Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-25034 CVSS:4.3

WP Clean Up Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-25038 CVSS:4.3

For the visually impaired Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-25058 CVSS:4.3

All In One Schema Rich Snippets Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-25470 CVSS:4.3

Rus-To-Lat Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
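All six entries describe the same defect: a plugin action handler that trusts the admin's session cookie alone and never verifies that the request came from its own form. As an added example (not code from Rewterz or from any of the plugins listed above), the vulnerable pattern beside its hardened form, in PHP, using the WordPress nonce and capability APIs; the option key `demo_blacklist_words`, the admin-post action `demo_save_settings` and all function names are hypothetical:

```php
<?php
// Added example, not the code of any plugin in this advisory. Hypothetical
// names: option "demo_blacklist_words", admin-post action "demo_save_settings".

// --- Vulnerable pattern: no CSRF token, no capability check. ---------------
// A form on any site the logged-in admin visits can post to
// admin-post.php?action=demo_save_settings; the browser attaches the admin's
// session cookie, so WordPress treats the request as the admin's own.
function demo_save_settings_vulnerable() {
    $words = isset( $_POST['blacklist_words'] ) ? $_POST['blacklist_words'] : '';
    update_option( 'demo_blacklist_words', $words ); // unsanitized: stored XSS sink
    wp_safe_redirect( admin_url( 'options-general.php?page=demo' ) );
    exit;
}

// --- Hardened pattern: capability check + nonce + input sanitization. -----
function demo_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_save_settings">';
    // Emits a per-user, time-limited token bound to the action name.
    wp_nonce_field( 'demo_save_settings', 'demo_nonce' );
    echo '<input type="text" name="blacklist_words" value="'
        . esc_attr( get_option( 'demo_blacklist_words', '' ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

function demo_save_settings_hardened() {
    // 1. Authorization: only users allowed to manage options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: the nonce must be present and valid for this action. A form
    //    served from another origin cannot know it, so check_admin_referer()
    //    stops the request here.
    check_admin_referer( 'demo_save_settings', 'demo_nonce' );
    // 3. Input validation: strip tags and stray whitespace before persisting.
    $words = sanitize_text_field( wp_unslash( $_POST['blacklist_words'] ?? '' ) );
    update_option( 'demo_blacklist_words', $words );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo' ) );
    exit;
}

add_action( 'admin_post_demo_save_settings', 'demo_save_settings_hardened' );
```

When reviewing a plugin, the quick check is whether every `admin_post_*`, `wp_ajax_*` and settings-page handler calls `check_admin_referer()` or `wp_verify_nonce()` together with a `current_user_can()` test before writing anything.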

Impact

  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2023-24008
  • CVE-2023-25029
  • CVE-2023-25034
  • CVE-2023-25038
  • CVE-2023-25058
  • CVE-2023-25470

Affected Vendors

WordPress

Affected Products

  • Spam Blacklist Plugin for WordPress 0.7.8
  • WP Social Bookmarking Light Plugin for WordPress 2.0.7
  • WP Clean Up Plugin for WordPress 1.2.3
  • For the visually impaired Plugin for WordPress 0.58
  • All In One Schema Rich Snippets Plugin for WordPress 1.6.5
  • Rus-To-Lat Plugin for WordPress 0.3

Remediation

Upgrade each affected plugin to its latest version, available from the WordPress Plugin Directory.