CVE-2023-0958

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE

Summary

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.

Vulnerable Configurations

Part         Description        Count
Application  Inisev             50
Application  Themecheck         47
Application  Mypopups           21
Application  Copy-Delete-Posts  41
Application  Backupbliss        60
Application  Socialshare        8
Application  Ultimatelysocial   12
