CVE-2023-22687 - Vulnerability Details - OpenCVE

Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project	Freesoul Deactivate Plugins - Plugin Manager And Cleanup

Configuration 1 [-]

cpe:2.3:a:freesoul_deactivate_plugins_-_plugin_manager_and_cleanup_project:freesoul_deactivate_plugins_-_plugin_manager_and_cleanup:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/freesoul-deactivate-plugins/wordpress-freesoul-deactivate-plugins-plugin-manager-and-cleanup-plugin-1-9-4-0-content-spoofing?_s_id=cve

History

Fri, 10 Jan 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-04-16T08:08:23.411Z

Updated: 2025-01-10T18:53:51.156Z

Reserved: 2023-01-06T12:02:56.523Z

Link: CVE-2023-22687

Vulnrichment

Updated: 2024-08-02T10:13:50.030Z

NVD

Status : Modified

Published: 2023-04-16T09:15:08.763

Modified: 2024-11-21T07:45:13.287

Link: CVE-2023-22687

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22687", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-01-06T12:02:56.523Z", "datePublished": "2023-04-16T08:08:23.411Z", "dateUpdated": "2025-01-10T18:53:51.156Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "freesoul-deactivate-plugins", "product": "Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup", "vendor": "Jose Mortellaro", "versions": [{"changes": [{"at": "1.9.4.1", "status": "unaffected"}], "lessThanOrEqual": "1.9.4.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Justiice (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup plugin <=<span style=\"background-color: var(--wht);\"> 1.9.4.0 versions.</span>"}], "value": "Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup plugin <=\u00a01.9.4.0 versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-04-16T08:08:23.411Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/freesoul-deactivate-plugins/wordpress-freesoul-deactivate-plugins-plugin-manager-and-cleanup-plugin-1-9-4-0-content-spoofing?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.9.4.1 or a higher version."}], "value": "Update to\u00a01.9.4.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup Plugin <= 1.9.4.0 is vulnerable to Sensitive Data Exposure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:50.030Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/freesoul-deactivate-plugins/wordpress-freesoul-deactivate-plugins-plugin-manager-and-cleanup-plugin-1-9-4-0-content-spoofing?_s_id=cve"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-10T17:42:10.679155Z", "id": "CVE-2023-22687", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T18:53:51.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/freesoul-deactivate-plugins/wordpress-freesoul-deactivate-plugins-plugin-manager-and-cleanup-plugin-1-9-4-0-content-spoofing?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:50.030Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-10T17:42:10.679155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T17:42:12.006Z"}}], "cna": {"title": "WordPress Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup Plugin <= 1.9.4.0 is vulnerable to Sensitive Data Exposure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Justiice (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Jose Mortellaro", "product": "Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup", "versions": [{"status": "affected", "changes": [{"at": "1.9.4.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.9.4.0"}], "packageName": "freesoul-deactivate-plugins", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to\u00a01.9.4.1 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 1.9.4.1 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/freesoul-deactivate-plugins/wordpress-freesoul-deactivate-plugins-plugin-manager-and-cleanup-plugin-1-9-4-0-content-spoofing?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup plugin <=\u00a01.9.4.0 versions.", "supportingMedia": [{"type": "text/html", "value": "Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup plugin <=<span style=\"background-color: var(--wht);\"> 1.9.4.0 versions.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-04-16T08:08:23.411Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22687", "state": "PUBLISHED", "dateUpdated": "2025-01-10T18:53:51.156Z", "dateReserved": "2023-01-06T12:02:56.523Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2023-04-16T08:08:23.411Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freesoul_deactivate_plugins_-_plugin_manager_and_cleanup_project:freesoul_deactivate_plugins_-_plugin_manager_and_cleanup:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EF4E5CF9-1257-4AD8-B744-2CD6F7201D94", "versionEndIncluding": "1.9.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup plugin <=\u00a01.9.4.0 versions."}], "id": "CVE-2023-22687", "lastModified": "2024-11-21T07:45:13.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-16T09:15:08.763", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/freesoul-deactivate-plugins/wordpress-freesoul-deactivate-plugins-plugin-manager-and-cleanup-plugin-1-9-4-0-content-spoofing?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/freesoul-deactivate-plugins/wordpress-freesoul-deactivate-plugins-plugin-manager-and-cleanup-plugin-1-9-4-0-content-spoofing?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "audit@patchstack.com", "type": "Secondary"}]}