{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3510", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-07-04T20:59:31.149Z", "datePublished": "2023-09-11T19:46:07.825Z", "dateUpdated": "2024-08-02T06:55:03.467Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-09-11T19:46:07.825Z"}, "title": "FTP Access <= 1.0 - Subscriber+ Stored XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "FTP Access", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "1.0"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user."}], "references": [{"url": "https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Bob Matyas", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.467Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:danialhatami:ftp_access:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AC66056A-57D6-4DE3-8BE4-7B0F53E80FD0", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user."}, {"lang": "es", "value": "El complemento FTP Access WordPress hasta la versi\u00f3n 1.0 no tiene autorizaci\u00f3n ni verificaciones CSRF al actualizar su configuraci\u00f3n y le falta sanitizaci\u00f3n y escape en ellas, lo que permite a cualquier usuario autenticado, como el suscriptor, actualizarlas con payloads XSS, que se activar\u00e1n cuando un administrador vea la configuraci\u00f3n del complemento. El ataque tambi\u00e9n podr\u00eda realizarse mediante CSRF contra cualquier usuario autenticado."}], "id": "CVE-2023-3510", "lastModified": "2024-11-21T08:17:25.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-11T20:15:10.040", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}