CVE-2023-2495

low-risk
Published 2023-07-10

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Greeklish-Permalink

Affected Vendors

Greeklish-Permalink Project

References (2)

Exploit https://wpscan.com/vulnerability/45878983-7e9b-49c2-8f99-4c28aab24f09
Exploit https://wpscan.com/vulnerability/45878983-7e9b-49c2-8f99-4c28aab24f09
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal