CVE-2023-49838

26.03.2024, 09:15

Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme.This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8.

CSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Patchstack	CNA	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

https://patchstack.com/database/vulnerability/bacola/wordpress-bacola-theme-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/clotya/wordpress-clotya-theme-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/cosmetsy/wordpress-cosmetsy-theme-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/furnob/wordpress-furnob-theme-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/machic/wordpress-machic-theme-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/medibazar/wordpress-medibazar-theme-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/partdo/wordpress-partdo-theme-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/bacola/wordpress-bacola-theme-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/clotya/wordpress-clotya-theme-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/cosmetsy/wordpress-cosmetsy-theme-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/furnob/wordpress-furnob-theme-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/machic/wordpress-machic-theme-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/medibazar/wordpress-medibazar-theme-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/partdo/wordpress-partdo-theme-1-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve