CVE-2023-5611 — Missing Authorization in Seraphinite Accelerator

CWE-862 — Missing Authorization CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 73.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

S-sols Seraphinite Accelerator

Timeline

PublishedNov 27

Description

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDs-sols/seraphinite_accelerator< 2.20.32

🔴Vulnerability Details

CVEList

Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import↗2023-11-27

▶

GHSA

GHSA-8993-7526-7h8g: The Seraphinite Accelerator WordPress plugin before 2↗2023-11-27

▶