CVE-2023-0495

4.3 MEDIUM

📋 TL;DR

This vulnerability in the HT Slider For Elementor WordPress plugin allows attackers to trick logged-in administrators into activating arbitrary plugins via Cross-Site Request Forgery (CSRF) attacks. It affects WordPress sites using vulnerable versions of the plugin, potentially enabling attackers to activate malicious plugins that could lead to further compromise.

💻 Affected Systems

Products:
  • HT Slider For Elementor WordPress plugin
Versions: All versions before 1.4.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin and an authenticated admin user who can be tricked into visiting a malicious page.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could activate malicious plugins that execute arbitrary code, leading to complete site takeover, data theft, or malware distribution.

🟠 Likely Case

Attackers activate plugins that create backdoors, inject malicious content, or escalate privileges for further attacks.

🟢 If Mitigated

With proper CSRF protections and admin awareness, forged activation requests are rejected and the impact is limited to failed attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an admin into clicking a malicious link while authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.0

Vendor Advisory: https://wpscan.com/vulnerability/2e3af480-b1a4-404c-b0fc-2b7b6a6b9c27

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'HT Slider For Elementor'.
4. Click 'Update Now' if available, or download version 1.4.0+ from the WordPress repository.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Implement CSRF Protection (platform: all)

Add custom CSRF tokens to plugin activation requests via custom code or a security plugin.

Restrict Admin Access (platform: linux)

Limit admin panel access to trusted IP addresses only.

# Apache 2.2 syntax. Put this in wp-admin/.htaccess, not the site root,
# or every page on the site is blocked:
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from 10.0.0.0/8
# Apache 2.4 equivalent of the four lines above:
# Require ip 192.168.1.0/24 10.0.0.0/8

# nginx: "^~" stops a later "location ~ \.php$" block from taking precedence
# and bypassing the restriction, so the PHP handler must be repeated inside
# this block (same fastcgi_* settings as the site-wide PHP location).
# admin-ajax.php is also called by public front-end features; add an exact
# "location = /wp-admin/admin-ajax.php" block if those must keep working.
location ^~ /wp-admin/ {
    allow 192.168.1.0/24;
    allow 10.0.0.0/8;
    deny all;
    # nested "location ~ \.php$ { ... }" with the site's fastcgi settings goes here
}

🧯 If You Can't Patch

  • Deactivate and remove the HT Slider For Elementor plugin completely.
  • Implement web application firewall (WAF) rules that reject plugin activation requests lacking a valid nonce or a same-origin Referer header.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for HT Slider For Elementor version. If version is below 1.4.0, the site is vulnerable.

Check Version:

wp plugin list --name='ht-slider-for-elementor' --field=version

Verify Fix Applied:

Confirm plugin version is 1.4.0 or higher in WordPress admin panel. Test CSRF protection by attempting to activate a plugin via forged request (use security testing tools).

📡 Detection & Monitoring

Log Indicators:

  • Multiple plugin activation requests from same admin session in short timeframe
  • Plugin activation requests with missing or invalid nonce tokens
  • Unexpected plugin activations in WordPress activity logs

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with action=activate-plugin without proper referrer headers
  • Requests containing plugin activation parameters from unexpected sources

SIEM Query:

source="wordpress.log" AND ("activate-plugin" OR "plugin activated") AND NOT user_agent="WordPress/*"
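The log and network indicators above can be checked offline against a web server access log. The script below is an added example written for this page, not part of the advisory or the plugin: it parses constructed combined-format log lines (the sample data is invented, with an assumed site hostname of example.com), picks out the two activation requests named above (the plugins.php activate link and the admin-ajax.php activate-plugin action) and flags each one that has no _wpnonce in the query string, a missing or external Referer, or belongs to a burst of activations from one client IP.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse, parse_qs

# Assumed hostname of the protected WordPress site (not from the advisory).
SITE_HOST = "example.com"

# Apache/nginx "combined" log format with Referer and User-Agent fields.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines for this example; not taken from any real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2023:10:00:01 +0000] "GET /wp-admin/plugins.php?action=activate&plugin=hello.php&_wpnonce=abc123 HTTP/1.1" 302 0 "https://example.com/wp-admin/plugins.php" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2023:10:05:10 +0000] "POST /wp-admin/admin-ajax.php?action=activate-plugin&plugin=unknown-a/unknown-a.php HTTP/1.1" 200 15 "https://third-party.example/page.html" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2023:10:05:11 +0000] "POST /wp-admin/admin-ajax.php?action=activate-plugin&plugin=unknown-b/unknown-b.php HTTP/1.1" 200 15 "https://third-party.example/page.html" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2023:10:05:12 +0000] "POST /wp-admin/admin-ajax.php?action=activate-plugin&plugin=unknown-c/unknown-c.php HTTP/1.1" 200 15 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2023:10:30:00 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "https://example.com/wp-admin/" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.strptime(fields["ts"], "%d/%b/%Y:%H:%M:%S %z")
    fields["query"] = parse_qs(urlparse(fields["path"]).query)
    return fields


def is_plugin_activation(fields):
    """True for the two activation requests the indicators above describe."""
    path = urlparse(fields["path"]).path
    action = fields["query"].get("action", [""])[0]
    return (path.endswith("/wp-admin/plugins.php") and action == "activate") or (
        path.endswith("/wp-admin/admin-ajax.php") and action == "activate-plugin"
    )


def flag_activations(log_text, burst_window=60, burst_count=3):
    """Return (ip, path, reasons) for every activation request that matches an indicator.

    Checks: no _wpnonce in the query string (only visible for GET-style activation
    links; a nonce sent in a POST body never reaches the access log), a Referer that
    is absent or from another host, and burst_count or more activations from one
    client IP within burst_window seconds.
    """
    findings = []
    seen = defaultdict(list)  # client ip -> timestamps of its activation requests
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or not is_plugin_activation(fields):
            continue
        reasons = []
        if "_wpnonce" not in fields["query"]:
            reasons.append("missing nonce")
        referer_host = None if fields["referer"] == "-" else urlparse(fields["referer"]).hostname
        if referer_host != SITE_HOST:
            reasons.append("missing or external referer")
        seen[fields["ip"]].append(fields["ts"])
        recent = [t for t in seen[fields["ip"]] if (fields["ts"] - t).total_seconds() <= burst_window]
        if len(recent) >= burst_count:
            reasons.append("activation burst")
        if reasons:
            findings.append((fields["ip"], fields["path"], reasons))
    return findings


if __name__ == "__main__":
    for ip, path, reasons in flag_activations(SAMPLE_LOG):
        print(f"{ip} {path} -> {', '.join(reasons)}")
```

On the sample data the first request (nonce present, same-origin Referer) is not reported, while the three admin-ajax requests from 198.51.100.9 are, and the third also trips the burst rule. A Referer check is only a supporting signal, since browsers may omit it under some referrer policies; the nonce check is the one WordPress itself relies on, and a missing nonce on an activation link is the clearest indicator on this list.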
