CVE-2023-49155

MEDIUM

Published 2023-12-18T22:13:32.221Z

Actions:

CVSS Score

V3.1

4.3

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.393

Higher than 39.3% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Description

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Wow-Company

Button Generator – easily Button Builder

Affected Versions:

n/a

WordPress Vulnerability

Identified and analyzed by Wordfence

Software Type

Plugin

Patch Status

Patched

Published

November 28, 2023

Software Details

Software Name

Button Generator – easily Button Builder

Software Slug

button-generation

Affected Versions

* - 2.3.8

Patched Versions

2.3.9

Remediation

Update to version 2.3.9, or a newer patched version

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/b73467de-fb0c-45e3-b3ae-5158b261907b?source=api-prod

References

https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-easily-button-builder-plugin-2-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Published: 2023-12-18T22:13:32.221Z

Last Modified: 2024-11-20T20:33:14.811Z

Copied to clipboard!