CVE-2023-35877

7.1 HIGH

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Extra User Details plugin that allows attackers to perform stored cross-site scripting (XSS) attacks. Attackers can trick authenticated administrators into executing malicious actions, potentially compromising user data and site security. All WordPress sites using Extra User Details plugin versions up to 0.5 are affected.

💻 Affected Systems

Products:
  • WordPress Extra User Details plugin
Versions: n/a through 0.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled and at least one authenticated user with administrative privileges.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain administrative access, deface websites, steal sensitive user data, or install backdoors for persistent access.

🟠 Likely Case

Attackers inject malicious scripts that steal session cookies or redirect users to phishing sites when administrators visit compromised pages.

🟢 If Mitigated

With proper CSRF tokens and input validation, the attack surface is minimized, though outdated plugins still pose some risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated users, but the technical complexity is low once the user is tricked.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/extra-user-details/wordpress-extra-user-details-plugin-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Extra User Details' and click 'Update Now' if available.
4. If no update is available, deactivate and delete the plugin, then install version 0.6+ from the WordPress repository.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily deactivate the Extra User Details plugin to eliminate the vulnerability.

wp plugin deactivate extra-user-details

Implement CSRF Protection

all

Add custom CSRF tokens to plugin forms if you cannot update immediately.

Add nonce fields to plugin forms: wp_nonce_field('extra_user_details_action');
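The nonce pattern applied end to end, as an added illustration that is not the Extra User Details plugin's own code: a hypothetical plugin settings form posting to admin-post.php, and its handler. The option name, action slug and nonce name are placeholders chosen here; the point is that wp_nonce_field() on its own changes nothing unless the handler verifies the nonce with check_admin_referer(), and that sanitising on save and escaping on output are what stop the stored XSS the advisory describes.

```php
<?php
// Hypothetical example, not the plugin's code. Option name, action slug and
// nonce name ('eud_example_*') are placeholders chosen for this illustration.

// Register a settings page under Settings so the form has somewhere to live.
add_action( 'admin_menu', function () {
    add_options_page( 'EUD Example', 'EUD Example', 'manage_options',
        'eud-example', 'eud_example_render_settings_page' );
} );

// 1. Settings form: posts to admin-post.php and carries a nonce bound to one action.
function eud_example_render_settings_page() {
    $label = get_option( 'eud_example_field_label', '' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="eud_example_save" />';
    wp_nonce_field( 'eud_example_save', 'eud_example_nonce' );
    // Escape on output: a value stored earlier must never be echoed raw.
    echo '<label>Field label <input type="text" name="field_label" value="'
        . esc_attr( $label ) . '" /></label>';
    submit_button( 'Save' );
    echo '</form>';
}

// 2. Save handler. Without the nonce check, any page the logged-in admin visits
//    could submit this form on their behalf (the CSRF in the advisory); without
//    sanitisation, whatever it submits is later rendered as stored XSS.
function eud_example_handle_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies with a 403 "link has expired" page if the nonce is missing or forged.
    check_admin_referer( 'eud_example_save', 'eud_example_nonce' );

    $raw   = isset( $_POST['field_label'] ) ? wp_unslash( $_POST['field_label'] ) : '';
    $clean = sanitize_text_field( $raw ); // strips tags, octets and control characters
    update_option( 'eud_example_field_label', $clean );

    wp_safe_redirect( admin_url( 'options-general.php?page=eud-example&updated=1' ) );
    exit;
}
add_action( 'admin_post_eud_example_save', 'eud_example_handle_save' );
```

Nonces expire after 12 to 24 hours and are tied to the user and action, so a forged cross-site POST cannot supply a valid one; the capability check is still needed because a nonce proves intent, not authorisation.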

🧯 If You Can't Patch

  • Restrict plugin access to trusted administrators only and monitor their activities.
  • Implement web application firewall (WAF) rules to block suspicious POST requests to plugin endpoints.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Extra User Details for version number. If version is 0.5 or earlier, you are vulnerable.

Check Version:

wp plugin get extra-user-details --field=version

Verify Fix Applied:

After update, verify plugin version is 0.6 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with extra-user-details parameters
  • Multiple failed CSRF token validations in WordPress debug logs

Network Indicators:

  • Unexpected outbound connections from WordPress site to unknown domains following admin actions

SIEM Query:

source="wordpress.log" AND ("extra-user-details" OR "admin-ajax.php") AND (POST AND NOT "_wpnonce")
