The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.
History

Tue, 03 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-20T04:27:34.647Z

Updated: 2024-12-03T16:22:24.851Z

Reserved: 2023-06-19T16:11:05.271Z

Link: CVE-2023-3325

cve-icon Vulnrichment

Updated: 2024-08-02T06:55:03.508Z

cve-icon NVD

Status : Modified

Published: 2023-06-20T05:15:09.170

Modified: 2024-11-21T08:17:01.167

Link: CVE-2023-3325

cve-icon Redhat

No data.