Lucene search

WPScanCVE-2023-1426

HistoryApr 10, 2023 - 2:15 p.m.

CVE-2023-1426

2023-04-1014:15:09

WPScan

web.nvd.nist.gov

wp tiles

wordpress plugin

cve-2023-1426

security vulnerability

authenticated users

draft posts

private posts

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.

Affected configurations

Nvd

Vulners

Node

keetraxwp_tilesRange≤1.1.2wordpress

VendorProductVersionCPE
keetraxwp_tiles*cpe:2.3:a:keetrax:wp_tiles:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
keetrax	wp_tiles	*	cpe:2.3:a:keetrax:wp_tiles::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Tiles",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.1.2"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

Related for CVE-2023-1426