Lucene search

PatchstackCVE-2023-36683

HistoryJun 19, 2024 - 2:15 p.m.

CVE-2023-36683

2024-06-1914:15:12

CWE-862

Patchstack

web.nvd.nist.gov

wp schema pro

missing authorization

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through 2.7.8.

Affected configurations

Vulners

Node

wp_schema_proschema_proRange≤2.7.8wordpress

VendorProductVersionCPE
wp_schema_proschema_pro*cpe:2.3:a:wp_schema_pro:schema_pro:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wp_schema_pro	schema_pro	*	cpe:2.3:a:wp_schema_pro:schema_pro::::::wordpress::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Schema Pro",
    "vendor": "WP SCHEMA PRO",
    "versions": [
      {
        "changes": [
          {
            "at": "2.7.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.7.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-schema-pro/wordpress-schema-pro-plugin-2-7-8-broken-access-control-vulnerability?_s_id=cve

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-36683