CVE-2023-5611

MEDIUM

Seraphinite Accelerator < 2.20.32 - Unauthenticated Settings Reset and Import

Title source: llm
STIX 2.1

Description

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/8cb8a5e9-2ab6-4d9b-9ffc-ef530e346f8d

Scores

CVSS v3 5.3
EPSS 0.0027
EPSS Percentile 18.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-862
Status published
Products (1)
s-sols/seraphinite_accelerator < 2.20.32
Published Nov 27, 2023
Tracked Since Feb 18, 2026