CVE-2023-4939

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 21, 2023

Updated: Nov 7, 2023

CWE ID 352

Summary

CVE-2023-4939: The SALESmanago plugin for WordPress contains a Log Injection vulnerability up to version 3.2.4. The weakness resides in the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint, which is a SHA1 hash of the site URL and client ID. This exposure allows unauthenticated attackers to inject arbitrary content into log files. When coupled with another vulnerability, this could lead to severe consequences.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tlEwPW
https://www.cve.org/CVERecord?id=CVE-2023-4939
https://nvd.nist.gov/vuln/detail/CVE-2023-4939

Back to Vulnerability Database

CVE-2023-4939

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations