CVE-2023-47870

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*

History

06 Dec 2023, 15:21

Type	Values Removed	Values Added
First Time		Gvectors Gvectors wpforo Forum
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~() https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve - Third Party Advisory
CPE		cpe:2.3:a:gvectors:wpforo_forum::::::wordpress::*

30 Nov 2023, 18:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-30 18:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-47870

Mitre link : CVE-2023-47870

CVE.ORG link : CVE-2023-47870

JSON object : View

Products Affected

gvectors

wpforo_forum

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization

{"id": "CVE-2023-47870", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2023-11-30T18:15:07.513", "references": [{"url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.\n\n"}, {"lang": "es", "value": "Cross-Site Request Forgery (CSRF), vulnerabilidad de autorizaci\u00f3n faltante en gVectors Team wpForo Forum wpforo permite Cross-Site Request Forgery, funcionalidad de acceso no restringida adecuadamente por las ACL, lo que obliga a todos los usuarios a cerrar sesi\u00f3n. Este problema afecta al foro de wpForo: desde n/a hasta 2.2.6."}], "lastModified": "2023-12-06T15:21:19.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5233A191-145B-4F8F-85E2-3529D3EA4846", "versionEndIncluding": "2.2.6"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}