Lucene search

[email protected]CVE-2023-49774

HistoryJun 04, 2024 - 12:15 p.m.

CVE-2023-49774

2024-06-0412:15:09

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023-49774

reserved

security problem

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

Affected configurations

Vulners

Node

j.n._breetvelt_a.k.a._opajaapwp_photo_album_plusRange≤8.5.02.005

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-photo-album-plus",
    "product": "WP Photo Album Plus",
    "vendor": "J.N. Breetvelt a.k.a. OpaJaap",
    "versions": [
      {
        "changes": [
          {
            "at": "8.6.01.005",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "8.5.02.005",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-ip-bypass-vulnerability?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-49774

cvelist1 wpvulndb1 nvd1 wordfence1