CSRF Vulnerability in MooSocial by MooThemes
CVE-2023-44811

8.8HIGH

Key Information:

Vendor: Moosocial
Status: Moosocial
Vendor: CVE Published:; 9 October 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-44811?

A Cross Site Request Forgery (CSRF) vulnerability exists in MooSocial version 3.1.8, enabling an unauthorized remote attacker to exploit the admin Password Change Function. This flaw permits the attacker to execute arbitrary code and potentially access sensitive information without the consent of the user. Users of MooSocial are urged to evaluate the risk associated with this vulnerability and apply necessary security patches immediately.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-44811
Created by ahrixia

References

https://github.com/ahrixia/CVE-2023-44811

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2023
Vulnerability Reserved
Oct 2, 2023
🟡
Public PoC available
Sep 26, 2023
👾
Exploit known to exist
Sep 26, 2023

CVE-2023-44811 Data

JSON

Moosocial

Badges

What is CVE-2023-44811?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline