Lucene search

[email protected]CVE-2023-32127

HistoryApr 24, 2024 - 4:15 p.m.

CVE-2023-32127

2024-04-2416:15:07

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-32127

daniel powney multi rating

missing authorization

functionality misuse

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6.

Affected configurations

Vulners

Node

daniel_powneymulti_ratingRange≤5.0.6

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "multi-rating",
    "product": "Multi Rating",
    "vendor": "Daniel Powney",
    "versions": [
      {
        "lessThanOrEqual": "5.0.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/multi-rating/wordpress-multi-rating-plugin-5-0-6-unauth-arbitrary-rating-value-change?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-32127

nvd1 cvelist1 wordfence1