CVE-2023-3325

HIGH

CMS Commander <2.287 - Auth Bypass

Title source: llm

Description

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.

References (3)

[Product] https://plugins.trac.wordpress.org/browser/cms-commander-client/tags/2.287/init.php#L88

[Patch] https://plugins.trac.wordpress.org/changeset/2927811/cms-commander-client

[Patch, Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=cve

Scores

CVSS v3 8.1

EPSS 0.0012

EPSS Percentile 30.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-331 CWE-345

Status published

Products (2)

cmscommander/cms_commander < 2.287

thoefter/CMS Commander – Manage Multiple Sites < 2.287

Published Jun 20, 2023

Tracked Since Feb 18, 2026