WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability
CVE-2023-31218

7.1HIGH

Key Information:

Vendor: WordPress
Status: Wolf – WordPress Posts Bulk Editor And Manager Professional
Vendor: CVE Published:; 18 August 2023

What is CVE-2023-31218?

A Cross-Site Request Forgery (CSRF) issue exists in the WOLF – WordPress Posts Bulk Editor and Manager Professional plugin that can be exploited to achieve stored Cross-Site Scripting (XSS). This vulnerability affects versions up to 1.0.6 of the plugin, which could allow attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information and undermining user trust.

Affected Version(s)

WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.6

References

https://patchstack.com/database/vulnerability/bulk-editor...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2023
Vulnerability Reserved
Apr 25, 2023

Credit

Junsu Yeo (Patchstack Alliance)

CVE-2023-31218 Data

JSON