2024-12-08 03:06:42 +00:00


{
"id": "CVE-2023-4307",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-11T20:15:12.117",
"lastModified": "2024-11-21T08:34:49.603",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento de WordPress Lock User Account hasta la versi\u00f3n 1.0.3 no tiene verificaci\u00f3n CSRF cuando bloquea y desbloquea cuentas de forma masiva, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados bloqueen y desbloqueen usuarios arbitrarios a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:teknigar:lock_user_account:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "7A281DC1-AF0D-4A4B-9B4B-A8A6EF07B793"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/06f7aa45-b5d0-4afb-95cc-8f1c82f6f8b3",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/06f7aa45-b5d0-4afb-95cc-8f1c82f6f8b3",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}