

Severity
Medium
Analysis Summary
CVE-2023-36504 CVSS:6.5
BBS e-Popup Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and execute a certain higher-privileged action.
CVE-2023-36512 CVSS:6.5
AutomateWoo Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and execute a certain higher-privileged action.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2023-36504
- CVE-2023-36512
Affected Vendors
Affected Products
- BBS e-Popup Plugin for WordPress
- AutomateWoo Plugin for WordPress 5.7.5
Remediation
Upgrade to the latest version of the plugin, available from the WordPress Plugin Directory.