CVE-2023-23897
Published: 2023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.
Priority: P2 (72) · high · CVSS 3.1 base score 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation: exploited in the wild (VulnCheck KEV)
EPSS: 1.67% (73.9th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ozette | simple_mobile_url_redirect | <= 1.7.2 | — |
| ozette_plugins | simple_mobile_url_redirect | n/a – 1.7.2 | — |
Detection & IOCs (extracted from sources)
URL: /wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php
POST body: mobiletoggle=&mobileurl=oast.pro&mobilemode=301&mobileredirectoncedays=7&submit=Save+Changes
- Shodan query to identify exposed instances of the vulnerable plugin
- Exploit flow requires two steps: authenticate via wp-login.php (HTTP 302 + wordpress_logged_in cookie), then POST to the plugin options page without a CSRF nonce
- Successful exploitation is confirmed by an HTTP 200 response whose body contains 'Updated' and the injected mobileurl value
- Vulnerable plugin path pattern to monitor in web server logs: options-general.php with a page parameter referencing simple-mobile-url-redirect
- Affected versions are <= 1.7.2; check the installed plugin version against this threshold
- The exploit requires the attacker to trick an authenticated administrator into triggering the forged request; it is not a direct unauthenticated attack
- The nuclei template uses an authenticated flow (it logs in first), so an attack in the wild may appear as a legitimate admin POST to the plugin settings page; request context and the absence of a Referer header are the key differentiators
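The two log-side indicators above (the options-general.php path with a page parameter referencing simple-mobile-url-redirect, and a POST whose Referer is missing or points off-site) can be turned into a simple triage filter. The following is an added example written for this page, not code from the plugin, from the nuclei template or from any of the indexed sources. The log lines are constructed in Apache/nginx "combined" format, and the site hostname blog.example is an assumption; substitute your own. Response bodies are not in access logs, so the 'Updated' confirmation from the bullet above needs an application-level log or WAF capture rather than this filter.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in "combined" format (not real traffic).
# Line 2 is a normal admin save (same-origin Referer); lines 3 and 4 are the
# patterns described on the page: a POST to the plugin settings page with no
# Referer, and one with a Referer on another host.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2023:12:00:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "https://blog.example/wp-login.php" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2023:12:00:09 +0000] "POST /wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php HTTP/1.1" 200 4711 "https://blog.example/wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php" "Mozilla/5.0"
198.51.100.4 - - [10/Jul/2023:12:05:33 +0000] "POST /wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php HTTP/1.1" 200 4711 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jul/2023:12:06:02 +0000] "POST /wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php HTTP/1.1" 200 4711 "https://attacker.invalid/lure.html" "Mozilla/5.0"
198.51.100.9 - - [10/Jul/2023:12:07:00 +0000] "GET /wp-admin/options-general.php?page=simple-mobile-url-redirect-1.7%2Fmobile-redirect.php HTTP/1.1" 200 4711 "-" "Mozilla/5.0"
"""

# Apache/nginx combined log format: ip ident user [ts] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_plugin_settings_request(target: str) -> bool:
    """True when the request target is the plugin's settings page:
    /wp-admin/options-general.php with a page= value naming simple-mobile-url-redirect.
    parse_qs percent-decodes, so the %2F in the page value is handled."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/options-general.php"):
        return False
    return any("simple-mobile-url-redirect" in v for v in parse_qs(parts.query).get("page", []))


def referer_verdict(referer: str, site_host: str) -> str:
    """Classify the Referer header relative to the site's own host.
    A legitimate settings save from wp-admin carries a same-origin Referer;
    a forged cross-site POST carries the lure page's host, or none at all."""
    if referer in ("", "-"):
        return "missing_referer"
    host = urlsplit(referer).hostname or ""
    return "same_origin" if host.lower() == site_host.lower() else "foreign_referer"


def find_suspicious(log_text: str, site_host: str) -> list[dict]:
    """Return POSTs to the plugin settings page whose Referer is missing or off-site."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        if m["method"] != "POST" or not is_plugin_settings_request(m["target"]):
            continue
        verdict = referer_verdict(m["referer"], site_host)
        if verdict == "same_origin":
            continue
        findings.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "status": int(m["status"]),
            "verdict": verdict,
            "referer": m["referer"],
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG, "blog.example"):
        print(f"{f['ts']} {f['ip']} status={f['status']} {f['verdict']} referer={f['referer']}")
```

Treat hits as triage candidates rather than confirmed attacks: a strict Referrer-Policy or a privacy extension can strip the Referer from a genuine admin save, so the missing-Referer case in particular should be correlated with the session's preceding wp-admin activity before escalating. The filter is deliberately narrow (POST only, plugin page only) so it can run over a full day's log without drowning in noise.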
CVSS provenance
- NVD (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- VulnCheck: 4.3 MEDIUM
GHSA
GHSA-9h59-37fx-qm9x (unreviewed, 2023-07-10) · CVE-2023-23897 [HIGH] · CWE-352
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.
VulnCheck
CVE-2023-23897 [MEDIUM] · vulncheck · 2023 · CVSS 4.3
ozette simple_mobile_url_redirect Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.
Affected: ozette simple_mobile_url_redirect
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.reliaquest.com/blog/5-critical-threat-actors-you-need-to-know-about/
No detection rules found.
Nuclei
CVE-2023-23897 [HIGH] · nuclei · CVSS 8.8
Ozette Plugins - Cross-Site Request Forgery
An attacker can update, create, and remove the site's mobile redirects via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Template:
```yaml
id: CVE-2023-23897

info:
  name: Ozette Plugins - Cross-Site Request Forgery
  author: popcorn94
  severity: medium
  description: |
    An attacker can update, create, and remove the site's mobile redirects via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
  impact: |
    Attackers can perform unauthorized actions on behalf of authenticated users, potentially leading to data manipulation or unauthorized redirects.
  remediation: |
    Update to version 1.7.3 or later with CSRF protections implemented.
```
No writeups or analysis indexed.
Reference: https://patchstack.com/database/vulnerability/simple-mobile-url-redirect/wordpress-simple-mobile-url-redirect-plugin-1-7-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve