CVE-2023-0958
published 2023-07-28

CVE-2023-0958: Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation…

Priority: P3 (36)
CVSS 3.1: 6.5 (medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.56% (42.2th percentile)

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.

Affected

22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| backupbliss | backup_migration | < 1.2.8 | 1.2.8 |
| backupbliss | clone | < 2.3.8 | 2.3.8 |
| cl272 | enhanced_text_widget | <= 1.5.7 | |
| cl272 | ultimate_posts_widget | <= 2.2.4 | |
| copy-delete-posts | duplicate_post | < 1.4.0 | 1.4.0 |
| inisev | backupbliss_backup_migration_with_free_cloud_storage | <= 1.2.7 | |
| inisev | duplicate_post | <= 1.3.9 | |
| inisev | enhanced_text_widget | < 1.5.8 | 1.5.8 |
| inisev | pop-up | <= 1.1.9 | |
| inisev | redirection | < 1.1.4 | 1.1.4 |
| inisev | redirection | <= 1.1.3 | |
| inisev | rss_redirect_feedburner_alternative | < 3.8 | 3.8 |
| inisev | social_media_share_buttons_social_sharing_icons | <= 2.8.1 | |
| inisev | social_share_icons_social_share_buttons | <= 3.5.7 | |
| inisev | ssl_mixed_content_fix | < 3.2.4 | 3.2.4 |
| inisev | ultimate_posts_widget | < 2.2.5 | 2.2.5 |
| migrate | clone | <= 2.3.7 | |
| mypopups | pop-up | < 1.2.0 | 1.2.0 |
| s-feeds | rss_redirect_feedburner_alternative | <= 3.7 | |
| socialshare | social_share_icons_social_share_buttons | < 3.5.8 | 3.5.8 |
| steve85b | ssl_mixed_content_fix | <= 3.2.3 | |
| ultimatelysocial | social_media_share_buttons_social_sharing_icons | < 2.8.2 | 2.8.2 |