Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

December 27, 2023

Severity

High

Analysis Summary

CVE-2023-49769 CVSS: 4.3

Integrate Google Drive Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-49744 CVSS: 5.4

Gift Up Gift Cards for WordPress and WooCommerce Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-49766 CVSS: 7.1

Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-6316 CVSS: 9.8

MW WP Form Plugin for WordPress could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions when the “Saving inquiry data in database” option is enabled. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.

CVE-2023-49771 CVSS: 7.1

Smart External Link Click Monitor Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-47521 CVSS: 7.1

Q2W3 Post Order Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-6553 CVSS: 9.8

Backup Migration plugin for WordPress could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in /includes/backup-heart.php file. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-47871 CVSS: 8.8

Contact Form to Any API plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-48287 CVSS: 8.8

TextMe SMS plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-48777 CVSS: 8.8

Elementor Website Builder plugin for WordPress could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the template import function. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.

CVE-2023-47548 CVSS: 4.7

Integrate Google Drive Plugin for WordPress could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.

CVE-2023-5761 CVSS: 9.8

Burst Statistics plugin for WordPress and Burst Statistics Pro plugin for WordPress are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements using the url parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVE-2023-6219 CVSS: 7.2

BookingPress Plugin for WordPress could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the bookingpress_process_upload function. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.

CVE-2023-48752 CVSS:7.1

Happyforms plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.