Vulnerability Description
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet; however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cmscommander | Cms Commander | <= 2.287 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/cms-commander-client/tags/2.287/init. (Product)
- https://plugins.trac.wordpress.org/changeset/2927811/cms-commander-client (Patch)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17 (Patch, Third Party Advisory)
FAQ
What is CVE-2023-3325?
CVE-2023-3325 is a vulnerability with a CVSS score of 8.1 (HIGH). The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and i...
How severe is CVE-2023-3325?
CVE-2023-3325 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-3325?
Check the references section above for vendor advisories and patch information. Affected products include: Cmscommander Cms Commander.