
Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-36504 CVSS:6.5

BBS e-Popup Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and execute a certain higher-privileged action.

CVE-2023-36512 CVSS:6.5

AutomateWoo Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and execute a certain higher-privileged action.

Impact

  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2023-36504
  • CVE-2023-36512

Affected Vendors

WordPress

Affected Products

  • BBS e-Popup Plugin for WordPress
  • AutomateWoo Plugin for WordPress 5.7.5

Remediation

Upgrade to the latest version of the plugin, available from the WordPress Plugin Directory.

CVE-2023-36504

CVE-2023-36512