CVE-2023-0505
📋 TL;DR
This vulnerability in the Ever Compare WordPress plugin allows an attacker to make a logged-in administrator activate arbitrary installed plugins through Cross-Site Request Forgery (CSRF): the plugin-activation request is not protected by a CSRF token (WordPress nonce), so a malicious page the admin visits can silently submit it using the admin's existing session. This affects WordPress sites running Ever Compare up to and including version 1.2.3.
💻 Affected Systems
- Ever Compare WordPress Plugin
📦 What is this software?
Ever Compare by Hasthemes
⚠️ Risk & Real-World Impact
Worst Case
If a malicious or backdoored plugin is already present on the site but deactivated (for example, left behind after an earlier compromise), an attacker could activate it to gain backdoor access, execute arbitrary code, steal sensitive data, or take over the WordPress site entirely. Note that the flaw activates plugins that are already installed; it does not upload new ones.
Likely Case
An attacker activates an installed but inactive plugin that has a known vulnerability and then exploits that plugin, chaining the CSRF into a larger compromise.
If Mitigated
The 1.2.4 fix adds the missing CSRF check, so the forged request is rejected even if an administrator visits the attacker's page. Before patching, exploitation still depends on an administrator interacting with attacker-controlled content while logged in, so admin awareness and session hygiene reduce, but do not remove, the risk.
🎯 Exploit Status
Exploitation requires social engineering: an administrator must open a malicious page (or a crafted link) in a browser that holds a valid logged-in WordPress session. No authentication bypass is needed; the forged request rides on the admin's existing session cookies.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.4 or later
Vendor Advisory: https://wpscan.com/vulnerability/dbabff3e-b021-49ed-aaf3-b73a77d4b354
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Ever Compare' plugin.
4. Click 'Update Now' if available, or download version 1.2.4 or later from the WordPress plugin repository.
5. If updating manually, replace the plugin files with those from the downloaded release.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Deactivate the Ever Compare plugin until it is patched; a deactivated plugin is not loaded, so its request handlers are not registered and the forged request has nothing to hit.
wp plugin deactivate ever-compare
Anti-framing headers via .htaccess
These headers stop other sites from framing your admin pages, which blocks clickjacking variants of the attack, but they do not stop a plain cross-site form POST, so treat them as defence in depth rather than a CSRF fix. The only real fix is the nonce check in 1.2.4. For Apache with mod_headers, in .htaccess or the virtual host (may break legitimate embedding of the site):
Header set X-Frame-Options "DENY"
Header set Content-Security-Policy "frame-ancestors 'none'"
🧯 If You Can't Patch
- Remove the Ever Compare plugin completely if updating is not possible.
- Train administrators not to open unknown links while logged in to wp-admin, and to log out (or use a separate browser profile for wp-admin) before browsing elsewhere, since the attack needs a live admin session in the same browser.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Ever Compare version. If version is 1.2.3 or earlier, you are vulnerable.
Check Version:
wp plugin get ever-compare --field=version
Verify Fix Applied:
Verify Ever Compare plugin version is 1.2.4 or later in WordPress admin plugins page.
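The version check above is easy to get wrong in a script: comparing "1.2.10" to "1.2.4" as strings puts 1.2.10 first. The following is an added example, not part of this advisory or of the plugin, that compares dotted versions component by component and wraps the wp-cli command shown above. The `check_installed_site` function and its `--path` argument assume WP-CLI is installed on the host; the versions fed to the loop at the bottom are constructed demonstration values, not readings from a real site.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an Ever Compare version
# falls in the affected range (1.2.3 and earlier, i.e. below the 1.2.4 fix).
FIXED_VERSION="1.2.4"

# version_lt A B: exit 0 when dotted version A is numerically lower than B.
# Plain string comparison is wrong ("1.2.10" < "1.2.4" as strings), so compare
# one numeric component at a time, treating missing components as 0.
version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    # consume one component from each side (the last one has no dot)
    case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
    case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
    # strip any non-numeric suffix such as "-beta" so the arithmetic test works
    ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}
    ai=${ai:-0}; bi=${bi:-0}
    if [ "$ai" -lt "$bi" ]; then return 0; fi
    if [ "$ai" -gt "$bi" ]; then return 1; fi
  done
  return 1   # versions are equal
}

# ever_compare_vulnerable VERSION: exit 0 if VERSION is affected by CVE-2023-0505.
ever_compare_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# check_installed_site WP_ROOT: query the live install with WP-CLI and report.
# Not run automatically here because it needs a WordPress checkout and wp-cli
# (assumed to be on PATH); call it with the site root as the argument.
check_installed_site() {
  v=$(wp plugin get ever-compare --field=version --path="$1" 2>/dev/null) || {
    echo "ever-compare not installed or wp-cli unavailable"; return 2; }
  if ever_compare_vulnerable "$v"; then
    echo "VULNERABLE: ever-compare $v is below $FIXED_VERSION"; return 0
  fi
  echo "OK: ever-compare $v is $FIXED_VERSION or later"; return 1
}

# Constructed demonstration values (not readings from a real site):
for v in 1.2.3 1.2.4 1.2.10 1.1.9 1.2; do
  if ever_compare_vulnerable "$v"; then echo "$v: vulnerable"; else echo "$v: fixed"; fi
done
```

Run `check_installed_site /var/www/html` (or whatever your WordPress root is) from a host with WP-CLI; the exit status (0 vulnerable, 1 fixed, 2 unknown) makes it usable from a fleet-wide loop.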
📡 Detection & Monitoring
Log Indicators:
- Unusual plugin activation events in WordPress logs
- Multiple plugin activation requests from same admin session
- POST requests to /wp-admin/admin-ajax.php with action=ever_compare_ajax_actions (in an access log the action is visible only when it is passed in the query string; parameters sent in a form body do not appear there)
Network Indicators:
- Unexpected plugin activation requests from admin IPs, especially ones not preceded by normal wp-admin browsing
- Cross-site request patterns: POST requests to wp-admin endpoints whose Referer or Origin header names a different site, or is missing (an attacker page can suppress the Referer with a referrer policy)
SIEM Query:
source="wordpress.log" AND "activated plugin" AND "ever-compare"
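To turn the indicators above into something that runs against a web server access log, the following added example (not part of this advisory) scans combined-format log lines for POST requests under /wp-admin/ whose Referer is missing or points at a site other than your own, and tags the ones that carry the ever_compare_ajax_actions action named above. The hostname shop.example.test and the log lines are constructed for the demonstration; the Referer check is a heuristic, because a legitimate admin with a strict browser referrer policy will also show up as "no-referer".

```shell
#!/bin/sh
# Added example (not from the advisory): flag likely CSRF traffic against wp-admin.
# Assumed hostname of the protected WordPress site:
SITE_HOST="shop.example.test"

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG='203.0.113.5 - - [10/Feb/2023:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=ever_compare_ajax_actions HTTP/1.1" 200 41 "https://evil.example.net/win.html" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2023:10:01:03 +0000] "POST /wp-admin/admin-ajax.php?action=ever_compare_ajax_actions HTTP/1.1" 200 41 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2023:10:02:10 +0000] "POST /wp-admin/admin-ajax.php?action=ever_compare_ajax_actions HTTP/1.1" 200 41 "https://shop.example.test/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2023:10:02:11 +0000] "GET /wp-admin/plugins.php HTTP/1.1" 200 9000 "https://shop.example.test/wp-admin/" "Mozilla/5.0"
192.0.2.9 - - [10/Feb/2023:10:03:00 +0000] "POST /wp-admin/plugins.php?action=activate&plugin=hello.php HTTP/1.1" 302 0 "https://evil.example.net/win.html" "Mozilla/5.0"
192.0.2.9 - - [10/Feb/2023:10:03:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://shop.example.test/wp-login.php" "Mozilla/5.0"'

# flag_csrf_candidates SITE_HOST < logfile
# Prints one line per suspicious request: client IP, request path, and the reason.
# Only POSTs under /wp-admin/ are considered, since those are the state-changing
# requests a CSRF page would forge; GETs and the login form are ignored.
flag_csrf_candidates() {
  awk -v site="$1" -F'"' '
    # Splitting on double quotes in combined format gives:
    #   $1 = "ip - user [timestamp] ", $2 = request line, $4 = Referer, $6 = User-Agent
    {
      split($1, pre, " "); ip = pre[1]
      split($2, req, " "); method = req[1]; path = req[2]
      if (method != "POST" || index(path, "/wp-admin/") != 1) next

      ref = $4
      host = ref
      sub(/^[a-zA-Z]+:\/\//, "", host)   # drop the scheme
      sub(/\/.*$/, "", host)              # drop the path
      sub(/[:?#].*$/, "", host)           # drop port, query or fragment

      if (ref == "-" || ref == "")  reason = "no-referer"
      else if (host != site)        reason = "foreign-referer=" host
      else                          next    # same-site request, not interesting here

      tag = (index(path, "action=ever_compare_ajax_actions") > 0) ? " ever-compare-action" : ""
      print ip " | " path " | " reason tag
    }'
}

# Demonstration run over the constructed sample; on a real host pipe the access
# log in instead, e.g.  flag_csrf_candidates "$SITE_HOST" < /var/log/apache2/access.log
printf '%s\n' "$SAMPLE_LOG" | flag_csrf_candidates "$SITE_HOST"
```

Of the six constructed lines, three are flagged: the two ever-compare AJAX POSTs with a foreign or absent Referer and the plugins.php activation POST from the attacker's page; the same-origin AJAX call, the GET, and the login POST are not. Pair the output with the plugin-activation entries from the SIEM query above: a flagged request immediately followed by an "activated plugin" event for the same admin is the sequence this CVE produces.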