Vulnerability Description
Several WordPress plugins by Inisev are vulnerable to Cross-Site Request Forgery leading to unauthorized plugin installation, because the handle_installation function, reached through the inisev_installation AJAX action, performs no nonce check in the affected versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
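The pattern behind this class of bug, and the fix, can be shown with a small WordPress AJAX handler. The code below is an added illustration, not Inisev's code and not taken from any of the affected plugins: the handler and action names (handle_installation, inisev_installation) come from the advisory, but the function bodies, the `slug` parameter, the allowlist and the script handle are assumed. The first handler accepts any request that arrives with an administrator's cookies; the second rejects requests that lack a nonce minted for this action and callers who lack the install_plugins capability.

```php
<?php
// Added example, not code from the affected plugins.
// Handler/action names are from the advisory; everything else is assumed.

// --- Vulnerable shape: no nonce check, no capability check ---------------
// Any request carrying the logged-in admin's cookies reaches the install
// step, including one a third-party page triggers without the admin noticing.
function handle_installation_vulnerable() {
    $slug = isset( $_POST['slug'] ) ? sanitize_key( $_POST['slug'] ) : '';
    install_plugin_from_allowlist( $slug );   // hypothetical helper below
    wp_send_json_success();
}

// --- Hardened shape -------------------------------------------------------
function handle_installation_fixed() {
    // 1. Require a nonce tied to this action. check_ajax_referer() stops
    //    execution with a -1 / 403 response when the nonce is missing or
    //    invalid, so a forged cross-site request never reaches the install.
    check_ajax_referer( 'inisev_installation', 'nonce' );

    // 2. A valid nonce only proves the request originated from a page this
    //    site rendered; the caller must also be permitted to install plugins.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'insufficient_permissions', 403 );
    }

    $slug = isset( $_POST['slug'] ) ? sanitize_key( $_POST['slug'] ) : '';
    install_plugin_from_allowlist( $slug );
    wp_send_json_success();
}

// Hypothetical install step: only slugs on a fixed allowlist are accepted.
// The real install logic (Plugin_Upgrader etc.) is out of scope here.
function install_plugin_from_allowlist( $slug ) {
    $allowed = array( 'example-plugin-a', 'example-plugin-b' ); // constructed
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( 'unknown_plugin', 400 );
    }
    // ... install $slug ...
}

// Register the fixed handler for the AJAX action named in the advisory.
// Deliberately no wp_ajax_nopriv_ hook: anonymous callers have no business here.
add_action( 'wp_ajax_inisev_installation', 'handle_installation_fixed' );

// Where the admin page is rendered, hand the nonce to the page's script so
// legitimate requests can include it as the 'nonce' POST field.
// 'inisev-example-admin' is an assumed script handle.
function inisev_example_localize_nonce() {
    wp_localize_script( 'inisev-example-admin', 'inisevAjax', array(
        'nonce' => wp_create_nonce( 'inisev_installation' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'inisev_example_localize_nonce' );
```

When reviewing a plugin for this issue, look for every `wp_ajax_*` callback that changes state and confirm it calls `check_ajax_referer()` (or `wp_verify_nonce()`) and a `current_user_can()` check before doing the work; the nonce alone is not enough, since a low-privileged logged-in user can obtain one from any page that emits it.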
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Backupbliss | Backup Migration | < 1.2.8 |
| Backupbliss | Clone | < 2.3.8 |
| Copy-Delete-Posts | Duplicate Post | < 1.4.0 |
| Inisev | Enhanced Text Widget | < 1.5.8 |
| Inisev | Redirection | < 1.1.4 |
| Inisev | Rss Redirect & Feedburner Alternative | < 3.8 |
| Inisev | Ssl Mixed Content Fix | < 3.2.4 |
| Inisev | Ultimate Posts Widget | < 2.2.5 |
| Mypopups | Pop-Up | < 1.2.0 |
| Ultimatelysocial | Social Media Share Buttons & Social Sharing Icons | < 3.5.8 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banExploit
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banExploit
- https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/mExploit
- https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/mExploit
- https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banneExploit
- https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banneExploit
- https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redireExploit
- https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/Exploit
- https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/bannExploit
- https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/bannExploit
- https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/incluExploit
- https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/bannExploit
- https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/bannExploit
- https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.Exploit
- https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.Exploit
FAQ
What is CVE-2023-3977?
CVE-2023-3977 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is ca...
How severe is CVE-2023-3977?
CVE-2023-3977 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3977?
Check the references section above for vendor advisories and patch information. Affected products include: Backupbliss Backup Migration, Backupbliss Clone, Copy-Delete-Posts Duplicate Post, Inisev Enhanced Text Widget, Inisev Redirection.