CVE-2023-33923
MEDIUMHashThemes Viral News <1.4.5, Viral <1.8.0, HashOne <1.3.0 - Info D...
Title source: llmDescription
Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
https://patchstack.com/database/vulnerability/viral-news/wordpress-viral-news-theme-1-4-5-authenticated-arbitrary-plugin-activation-vulnerability?_s_id=cve
Scores
CVSS v3
4.3
EPSS
0.0050
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (3)
HashThemes/HashOne
< 1.3.0
HashThemes/Viral
< 1.8.0
HashThemes/Viral News
< 1.4.5
Published
Mar 25, 2024
Tracked Since
Feb 18, 2026