CVE-2023-23897
published 2023-07-10

CVE-2023-23897: Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.

Priority: P2 (72, high)
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
In the wild: exploited (VulnCheck KEV)
EPSS: 1.67% (73.9th percentile)

Affected (2 ranges)

Vendor            Product                       Version range   Fixed in
ozette            simple_mobile_url_redirect    <= 1.7.2        (not listed)
ozette_plugins    simple_mobile_url_redirect    n/a - 1.7.2     (not listed)

Detection & IOCs (extracted from sources)

URL: /wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php
POST body: mobiletoggle=&mobileurl=oast.pro&mobilemode=301&mobileredirectoncedays=7&submit=Save+Changes
  • A Shodan query exists to identify exposed instances of the vulnerable plugin (the query string itself is not reproduced in the sources).
  • The exploit flow in the nuclei template has two steps: authenticate via wp-login.php (expect an HTTP 302 and a wordpress_logged_in cookie), then POST the settings form to the plugin options page. The request carries no CSRF nonce and is accepted anyway, which is the defect being tested.
  • Successful exploitation is confirmed by an HTTP 200 response whose body contains 'Updated' together with the injected mobileurl value.
  • Log pattern to monitor: requests to options-general.php whose page parameter references simple-mobile-url-redirect.
  • Affected versions are <= 1.7.2; compare the installed plugin version against this threshold.
  • Real-world exploitation requires luring an already-authenticated administrator into submitting the forged request (for example from an attacker-controlled page); this is not an unauthenticated remote attack. Judging from the parameter names, the forged save sets mobileurl as a 301 redirect target (mobilemode=301), so the payoff is attacker-controlled redirection of the site's mobile visitors.
  • Because the nuclei template logs in first, a test run (or a real attack) looks like a legitimate admin POST to the plugin settings page. The differentiators are context (which admin, when, from which address) and the Referer/Origin headers: a browser submitting a forged form sends the attacker page's origin, while a scripted POST typically sends no Referer at all.
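The following is an added detection example written for this page; it is not one of the page's sources and not the plugin's or nuclei's own code. It applies the log-pattern and Referer heuristics above to a few constructed combined-format access log lines: a POST to the plugin settings page is flagged when its Referer is absent or points at a host other than the site itself. The site hostname (blog.example.com), the IP addresses and the log lines are all assumptions made up for the example; the affected-version check mirrors the <= 1.7.2 threshold stated above.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Apache/nginx "combined" format:
#   IP ident user [timestamp] "METHOD PATH PROTO" STATUS SIZE "REFERER" "USER-AGENT"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

PLUGIN_SLUG = "simple-mobile-url-redirect"   # from the IOC URL on this page
LAST_AFFECTED = "1.7.2"                       # affected versions are <= 1.7.2


def is_plugin_settings_request(path: str) -> bool:
    """True when the request path is the plugin's page under options-general.php."""
    parsed = urlparse(path)
    if not parsed.path.endswith("/wp-admin/options-general.php"):
        return False
    page = parse_qs(parsed.query).get("page", [""])[0]
    return PLUGIN_SLUG in unquote(page)


def is_affected(version: str) -> bool:
    """Compare a dotted plugin version against the <= 1.7.2 threshold."""
    as_tuple = lambda v: tuple(int(x) for x in v.split("."))
    return as_tuple(version) <= as_tuple(LAST_AFFECTED)


def classify(entry: dict, site_host: str):
    """Return None for a benign entry, otherwise a short reason string."""
    if entry["method"] != "POST" or not is_plugin_settings_request(entry["path"]):
        return None
    referer = entry["referer"]
    if referer in ("", "-"):
        return "no Referer on settings POST"
    ref_host = (urlparse(referer).hostname or "").lower()
    if ref_host != site_host.lower():
        return f"cross-origin Referer {ref_host}"
    return None  # same-origin POST from the wp-admin UI: expected behaviour


def scan(lines, site_host: str):
    """Yield (ip, timestamp, reason) for every suspicious settings POST."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = classify(m.groupdict(), site_host)
        if reason:
            findings.append((m["ip"], m["ts"], reason))
    return findings


SETTINGS = "/wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php"

# Constructed sample log lines (hypothetical site blog.example.com, hypothetical IPs).
SAMPLE_LOG = [
    # admin saving settings from inside wp-admin: same-origin Referer, benign
    f'10.0.0.5 - - [10/Jul/2023:12:00:01 +0000] "POST {SETTINGS} HTTP/1.1" 200 5120 '
    f'"https://blog.example.com{SETTINGS}" "Mozilla/5.0"',
    # forged form submitted from a lure page on another origin
    f'203.0.113.7 - - [10/Jul/2023:12:05:42 +0000] "POST {SETTINGS} HTTP/1.1" 200 5120 '
    f'"https://attacker.example.net/lure.html" "Mozilla/5.0"',
    # scripted POST (template-style replay) carrying no Referer at all
    f'198.51.100.9 - - [10/Jul/2023:12:06:10 +0000] "POST {SETTINGS} HTTP/1.1" 200 5120 '
    f'"-" "python-requests/2.31"',
    # merely viewing the settings page: a GET changes nothing
    f'10.0.0.5 - - [10/Jul/2023:12:07:00 +0000] "GET {SETTINGS} HTTP/1.1" 200 5120 '
    f'"https://blog.example.com/wp-admin/" "Mozilla/5.0"',
    # an unrelated settings save
    '10.0.0.5 - - [10/Jul/2023:12:08:00 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 '
    '"https://blog.example.com/wp-admin/options-general.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, reason in scan(SAMPLE_LOG, "blog.example.com"):
        print(f"{ts} {ip}: {reason}")
    print("1.7.2 affected:", is_affected("1.7.2"), "| 1.7.3 affected:", is_affected("1.7.3"))
```

Two caveats when using this on real logs: a missing Referer is a weaker signal than a cross-origin one, because privacy settings and referrer policies strip Referer for legitimate users too, so that rule should raise priority rather than alert alone; and the same-origin comparison assumes the access log records the Referer at all, which some stripped-down log formats do not.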

CVSS provenance

NVD         v3.1   8.8   HIGH     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
VulnCheck          4.3   MEDIUM

The two scores differ in how they treat the forged admin action: the NVD vector scores its full outcome (C:H/I:H/A:H), whereas 4.3 is the conventional CVSS 3.1 rating for a CSRF with limited integrity impact. For triage, the exploited-in-the-wild flag above carries more weight than either base score.