Rewterz Threat Advisory – CVE-2023-36542 – Apache NiFi Vulnerability

August 1, 2023

Rewterz Threat Advisory – CVE-2023-32445 – Apple Safari, watchOS, iOS, iPadOS, tvOS and macOS Ventura Vulnerability

August 1, 2023

Rewterz Threat Advisory – CVE-2023-3977 – Multiple plugins for WordPress by Inisev Vulnerability

August 1, 2023

Severity

Medium

Analysis Summary

CVE-2023-3977

Multiple plugins for WordPress by Inisev are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the handle_installation function. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Impact

Gain Access

Indicators Of Compromise

CVE

CVE-2023-3977

Affected Vendors

WordPress

Affected Products

Inisev Plugins for WordPress

Remediation

Upgrade to the latest version of Inisev Plugins, available from the WordPress Plugin Directory.

Backup Migration Plugin

Clone Plugin

Duplicate Post Plugin

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Microsoft Entra Account Lockouts Triggered by Token Logging Error

SideWinder APT Group aka Rattlesnake Targeting Pakistan – Active IOCs

SideWinder APT Group aka Rattlesnake – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2023-36542 – Apache NiFi Vulnerability

Rewterz Threat Advisory – CVE-2023-32445 – Apple Safari, watchOS, iOS, iPadOS, tvOS and macOS Ventura Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.