CVE-2023-3427
published 2023-06-28CVE-2023-3427: The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or…
PriorityP419medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
EPSS
0.30%
21.2th percentile
The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| salonbookingsystem | salon_booking_system | <= 8.4.6 | — |
| wordpresschef | salon_booking_system_free_version | <= 8.4.7 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cisa9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c4m7-h3c3-2v6q: The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8
ghsa_unreviewed·2023-06-28
CVE-2023-3427 [MEDIUM] CWE-352 GHSA-c4m7-h3c3-2v6q: The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8
The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CISA
Apache Tomcat Remote Code Execution Vulnerability
cisa·2023-05-12·CVSS 9.8
CVE-2016-8735 [CRITICAL] CWE-284 Apache Tomcat Remote Code Execution Vulnerability
Vulnerability: Apache Tomcat Remote Code Execution Vulnerability
Affected: Apache Tomcat
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
Required Action: Apply updates per vendor instructions.
Notes: https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735
Remediation Due Date: 2023-06-02
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Customers.php?rev=2779160#L68https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2931406%40salon-booking-system&new=2931406%40salon-booking-system&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/93875f19-d9b9-4e33-bba9-afc75cf26bf2?source=cvehttps://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Customers.php?rev=2779160#L68https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2931406%40salon-booking-system&new=2931406%40salon-booking-system&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/93875f19-d9b9-4e33-bba9-afc75cf26bf2?source=cve
2023-06-28
Published