Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by SureTriggers

CVE-2023-49749 (GCVE-0-2023-49749)

Vulnerability from cvelistv5 – Published: 2023-12-15 15:45 – Updated: 2026-04-28 16:08

Title

WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Summary

Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!.This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

Patchstack

References

1 reference

URL	Tags
https://patchstack.com/database/vulnerability/sur…	vdb-entry

Impacted products

1 product

Vendor	Product	Version
SureTriggers	SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!	Affected: n/a , ≤ 1.0.23 (custom)

Credits

Rafie Muhammad (Patchstack)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:26.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "suretriggers",
          "product": "SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!",
          "vendor": "SureTriggers",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.0.24",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.0.23",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!.\u003cp\u003eThis issue affects SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!: from n/a through 1.0.23.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!.This issue affects SureTriggers \u2013 Connect All Your Plugins, Apps, Tools \u0026 Automate Everything!: from n/a through 1.0.23."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:08:57.076Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u00a01.0.24 or a higher version."
            }
          ],
          "value": "Update to\u00a01.0.24 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress SureTriggers Plugin \u003c= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-49749",
    "datePublished": "2023-12-15T15:45:00.770Z",
    "dateReserved": "2023-11-30T13:22:02.831Z",
    "dateUpdated": "2026-04-28T16:08:57.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}