How severe is CVE-2023-3325?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-3325?

This is classified as CWE-331, which is a common weakness in software security.

CVE-2023-3325 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.

Related Vulnerabilities

CVE-2008-2108

CRITICAL

CVSS:9.8(Critical)

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insuffici...

CWE-3312008

CVE-2013-2260

CRITICAL

CVSS:9.8(Critical)

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

CWE-3312013

CVE-2018-1000620

CRITICAL

CVSS:9.8(Critical)

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force some...

CWE-3312018

CVE-2020-12735

CRITICAL

CVSS:9.8(Critical)

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

CWE-3312020

CVE-2020-29508

CRITICAL

CVSS:9.8(Critical)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

CWE-3312020

CVE-2021-22727

CRITICAL

CVSS:9.8(Critical)

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and...

CWE-3312021