CVE-2023-32514 - Vulnerability Details - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Himanshuparashar	Google Site Verification Plugin Using Meta Tag

Configuration 1 [-]

cpe:2.3:a:himanshuparashar:google_site_verification_plugin_using_meta_tag:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/google-site-verification-using-meta-tag/wordpress-google-site-verification-plugin-using-meta-tag-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-11-18T22:24:56.887Z

Updated: 2024-08-02T15:18:37.634Z

Reserved: 2023-05-09T11:45:38.663Z

Link: CVE-2023-32514

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-18T23:15:08.997

Modified: 2024-11-21T08:03:30.800

Link: CVE-2023-32514

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32514", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-05-09T11:45:38.663Z", "datePublished": "2023-11-18T22:24:56.887Z", "dateUpdated": "2024-08-02T15:18:37.634Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "google-site-verification-using-meta-tag", "product": "Google Site Verification plugin using Meta Tag", "vendor": "Himanshu Parashar", "versions": [{"lessThanOrEqual": "1.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.<p>This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.\n\n"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-11-18T22:24:56.887Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/google-site-verification-using-meta-tag/wordpress-google-site-verification-plugin-using-meta-tag-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:18:37.634Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/google-site-verification-using-meta-tag/wordpress-google-site-verification-plugin-using-meta-tag-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:himanshuparashar:google_site_verification_plugin_using_meta_tag:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1DC57B5E-478F-44B2-B2D3-7B02708CC4D0", "versionEndIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) mediante Meta Tag en el complemento Himanshu Parashar Google Site Verification. Este problema afecta mediante Meta Tag al complemento Google Site Verification: desde n/a hasta 1.2."}], "id": "CVE-2023-32514", "lastModified": "2024-11-21T08:03:30.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-18T23:15:08.997", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/google-site-verification-using-meta-tag/wordpress-google-site-verification-plugin-using-meta-tag-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/google-site-verification-using-meta-tag/wordpress-google-site-verification-plugin-using-meta-tag-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}