CVE-2023-5006 — MEDIUM (6.5)

Q: How severe is CVE-2023-5006?

CVE-2023-5006 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5006?

Check the references section above for vendor advisories and patch information. Affected products include: Sarveshmrao Wp Discord Invite.

Vulnerability Description

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Sarveshmrao	Wp Discord Invite	< 2.5.1

Related Weaknesses (CWE)

CWE-352

References

https://wpscan.com/vulnerability/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8ExploitThird Party Advisory
https://wpscan.com/vulnerability/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8ExploitThird Party Advisory

FAQ

What is CVE-2023-5006?

CVE-2023-5006 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a log...

How severe is CVE-2023-5006?

CVE-2023-5006 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5006?

Check the references section above for vendor advisories and patch information. Affected products include: Sarveshmrao Wp Discord Invite.