CVE-2023-7197
📊 7.1 HIGH • ⚡ 0.0% • 🎯 0 exploits
📅 Published May 15, 2025
📋 Status: Analyzed
The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0
🎯 Affected Products & Systems
1 product configuration affected
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
| 📱 App | corbyboy | marketing twitter bot | ≤ 1.11 (Target SW: wordpress) | Vulnerable | cpe:2.3:a:corbyboy:marketing_twitter_bot:*:*:*:*:*:wordpress:*:* |
Metrics
7.1 HIGH • CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector: NETWORK
Complexity: LOW
Privileges: NONE
User Interaction: REQUIRED
Confidentiality: LOW
Integrity: LOW
Availability: LOW
Scope: CHANGED
🔍 Technical Details
Analysis Status
Analyzed
CVSS Details
7.1 (HIGH) v3.1
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
EPSS Details
0.0% (Minimal), 8.7th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
May 15, 2025 (5 months ago)
Last Modified
Jun 11, 2025 (4 months ago)
Security Weaknesses (1)
CWE-352
References (1)
NVD