Lucene search

[email protected]CVE-2023-5949

HistoryDec 18, 2023 - 8:15 p.m.

CVE-2023-5949

2023-12-1820:15:08

CWE-862

[email protected]

web.nvd.nist.gov

smartcrawl

wordpress

plugin

cve-2023-5949

security vulnerability

unauthorized access

password protection

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts’ content.

VendorProductVersionCPE
yoastwordpress_seo*cpe:2.3:a:yoast:wordpress_seo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yoast	wordpress_seo	*	cpe:2.3:a:yoast:wordpress_seo::::::::

References

wpscan.com/vulnerability/3cec27ca-f470-402d-ae3e-271cb59cf407

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for CVE-2023-5949

wpvulndb1 prion1 wpexploit1 cvelist1