Cross-Site Request Forgery Vulnerability in Swifty Page Manager for WordPress
CVE-2023-0088

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Swifty Page Manager
Vendor: CVE Published:; 5 January 2023

Summary

The Swifty Page Manager plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in AJAX actions responsible for page management. Attackers can exploit this flaw by tricking site administrators into triggering unintended actions, which can lead to unauthorized creation or deletion of pages. This vulnerability poses significant risks, especially in environments where user roles are not adequately managed.

Affected Version(s)

Swifty Page Manager * <= 3.0.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/swifty-page-ma...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2023
Vulnerability Reserved
Jan 5, 2023

Credit

Marco Wotschka