CVE-2023-35764

{"id": "CVE-2023-35764", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-03T08:15:49.057", "references": [{"url": "https://jvn.jp/en/jp/JVN51098626/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://wordpress.org/plugins/survey-maker/", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN51098626/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wordpress.org/plugins/survey-maker/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting."}, {"lang": "es", "value": "El problema de verificaci\u00f3n insuficiente de la autenticidad de los datos en Survey Maker antes de la versi\u00f3n 3.6.4 permite que un atacante remoto no autenticado falsifique una direcci\u00f3n IP al publicar."}], "lastModified": "2025-10-10T17:18:24.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5EEA6AD7-C5B4-4167-88AA-C22A086DEEBB", "versionEndExcluding": "3.6.4"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}