Lucene search
WordfenceCVE-2023-4025HistoryAug 17, 2024 - 8:15 a.m.
CVE-2023-4025
2024-08-1708:15:05
CWE-862
Wordfence
web.nvd.nist.gov
22
wordpress
radio player
unauthorized modification
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
21.0%
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.
Affected configurations
Node
softlabbdradio_playerRange<2.0.74wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| softlabbd | radio_player | * | cpe:2.3:a:softlabbd:radio_player:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "princeahmed",
"product": "Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "2.0.73",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-4025
2024-08-17 08:15:05
wordfence
wordfence
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
21.0%
Related for CVE-2023-4025