Vulnerabilites related to popups - Pop-up
CVE-2023-3977 (GCVE-0-2023-3977)
Vulnerability from cvelistv5
Published
2023-07-28 04:37
Modified
2025-02-05 19:38
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
Summary
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115
https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php
Impacted products
Vendor Product Version
steve85b SSL Mixed Content Fix Version: *    3.2.3
 Create a notification for this product.
   copydeleteposts Duplicate Post Version: *    1.3.9
 Create a notification for this product.
   socialsharepro Social Share Icons & Social Share Buttons Version: *    3.5.7
 Create a notification for this product.
   cl272 Ultimate Posts Widget Version: *    2.2.4
 Create a notification for this product.
   migrate Backup Migration Version: *    1.2.7
 Create a notification for this product.
   popups Pop-up Version: *    1.1.9
 Create a notification for this product.
   socialdude Redirection Version: *    1.1.3
 Create a notification for this product.
   migrate Clone Version: *    2.3.7
 Create a notification for this product.
   socialdude Social Media Share Buttons & Social Sharing Icons Version: *    2.8.1
 Create a notification for this product.
   s-feeds RSS Redirect & Feedburner Alternative Version: *    3.7
 Create a notification for this product.
   cl272 Enhanced Text Widget Version: *    1.5.7
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:29:00.403777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T19:38:18.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SSL Mixed Content Fix",
          "vendor": "steve85b",
          "versions": [
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Duplicate Post",
          "vendor": "copydeleteposts",
          "versions": [
            {
              "lessThanOrEqual": "1.3.9",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Share Icons \u0026 Social Share Buttons",
          "vendor": "socialsharepro",
          "versions": [
            {
              "lessThanOrEqual": "3.5.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultimate Posts Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "2.2.4",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Backup Migration",
          "vendor": "migrate",
          "versions": [
            {
              "lessThanOrEqual": "1.2.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pop-up",
          "vendor": "popups",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Redirection",
          "vendor": "socialdude",
          "versions": [
            {
              "lessThanOrEqual": "1.1.3",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Clone",
          "vendor": "migrate",
          "versions": [
            {
              "lessThanOrEqual": "2.3.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Media Share Buttons \u0026 Social Sharing Icons",
          "vendor": "socialdude",
          "versions": [
            {
              "lessThanOrEqual": "2.8.1",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RSS Redirect \u0026 Feedburner Alternative",
          "vendor": "s-feeds",
          "versions": [
            {
              "lessThanOrEqual": "3.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Enhanced Text Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "1.5.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chloe Chamberland"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-28T04:37:03.018Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000+00:00",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-07-27T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-3977",
    "datePublished": "2023-07-28T04:37:03.018Z",
    "dateReserved": "2023-07-27T16:08:30.895Z",
    "dateUpdated": "2025-02-05T19:38:18.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0958 (GCVE-0-2023-0958)
Vulnerability from cvelistv5
Published
2023-07-28 04:37
Modified
2024-09-27 20:03
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
Summary
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115
https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php
Impacted products
Vendor Product Version
steve85b SSL Mixed Content Fix Version: *    3.2.3
 Create a notification for this product.
   copydeleteposts Duplicate Post Version: *    1.3.9
 Create a notification for this product.
   socialsharepro Social Share Icons & Social Share Buttons Version: *    3.5.7
 Create a notification for this product.
   cl272 Ultimate Posts Widget Version: *    2.2.4
 Create a notification for this product.
   migrate Backup Migration Version: *    1.2.7
 Create a notification for this product.
   popups Pop-up Version: *    1.1.9
 Create a notification for this product.
   socialdude Redirection Version: *    1.1.3
 Create a notification for this product.
   migrate Clone Version: *    2.3.7
 Create a notification for this product.
   socialdude Social Media Share Buttons & Social Sharing Icons Version: *    2.8.1
 Create a notification for this product.
   s-feeds RSS Redirect & Feedburner Alternative Version: *    3.7
 Create a notification for this product.
   cl272 Enhanced Text Widget Version: *    1.5.7
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:32:46.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T20:01:32.204824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T20:03:50.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SSL Mixed Content Fix",
          "vendor": "steve85b",
          "versions": [
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Duplicate Post",
          "vendor": "copydeleteposts",
          "versions": [
            {
              "lessThanOrEqual": "1.3.9",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Share Icons \u0026 Social Share Buttons",
          "vendor": "socialsharepro",
          "versions": [
            {
              "lessThanOrEqual": "3.5.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultimate Posts Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "2.2.4",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Backup Migration",
          "vendor": "migrate",
          "versions": [
            {
              "lessThanOrEqual": "1.2.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pop-up",
          "vendor": "popups",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Redirection",
          "vendor": "socialdude",
          "versions": [
            {
              "lessThanOrEqual": "1.1.3",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Clone",
          "vendor": "migrate",
          "versions": [
            {
              "lessThanOrEqual": "2.3.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Media Share Buttons \u0026 Social Sharing Icons",
          "vendor": "socialdude",
          "versions": [
            {
              "lessThanOrEqual": "2.8.1",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RSS Redirect \u0026 Feedburner Alternative",
          "vendor": "s-feeds",
          "versions": [
            {
              "lessThanOrEqual": "3.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Enhanced Text Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "1.5.7",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chloe Chamberland"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-862 Missing Authorization",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-28T04:37:03.650Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000+00:00",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-07-27T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-0958",
    "datePublished": "2023-07-28T04:37:03.650Z",
    "dateReserved": "2023-02-22T16:05:20.057Z",
    "dateUpdated": "2024-09-27T20:03:50.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}