CVE-2023-49838

Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme.This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/bacola/wordpress-bacola-theme-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/clotya/wordpress-clotya-theme-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/cosmetsy/wordpress-cosmetsy-theme-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/furnob/wordpress-furnob-theme-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/machic/wordpress-machic-theme-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/medibazar/wordpress-medibazar-theme-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/partdo/wordpress-partdo-theme-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-26 09:15

Updated : 2024-03-26 12:55

NVD link : CVE-2023-49838

Mitre link : CVE-2023-49838

CVE.ORG link : CVE-2023-49838

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2023-49838", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-03-26T09:15:09.710", "references": [{"url": "https://patchstack.com/database/vulnerability/bacola/wordpress-bacola-theme-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/clotya/wordpress-clotya-theme-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/cosmetsy/wordpress-cosmetsy-theme-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/furnob/wordpress-furnob-theme-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/machic/wordpress-machic-theme-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/medibazar/wordpress-medibazar-theme-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/partdo/wordpress-partdo-theme-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme.This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el tema KlbTheme Clotya, el tema KlbTheme Cosmetsy, el tema KlbTheme Furnob, el tema KlbTheme Bacola, el tema KlbTheme Partdo, el tema KlbTheme Medibazar, el tema KlbTheme Machic. Este problema afecta al tema Clotya: desde n/a hasta 1.1 .6; Tema Cosmetsy: desde n/a hasta 1.7.7; Tema Furnob: desde n/a hasta 1.2.2; Tema Bacola: desde n/a hasta 1.3.3; Tema Partdo: desde n/a hasta 1.1.1; Tema Medibazar: desde n/a hasta 1.8.6; Tema Machic: desde n/a hasta 1.2.8."}], "lastModified": "2024-03-26T12:55:05.010", "sourceIdentifier": "audit@patchstack.com"}