History: Jan 15, 2024 - 4:15 p.m.

CVE-2023-6066

2024-01-15 16:15:12
CWE-862
WPScan
web.nvd.nist.gov
cve-2023-6066
wp custom widget area
wordpress plugin
security vulnerability
ajax
privilege escalation
nvd

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 4.6
Confidence: High

EPSS: 0
Percentile: 14.0%

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

Affected configurations

Node: kishorkhambu wp_custom_widget_area, Range 1.2.5, wordpress

Vendor: kishorkhambu
Product: wp_custom_widget_area
Version: *
CPE: cpe:2.3:a:kishorkhambu:wp_custom_widget_area:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Custom Widget area",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.2.5"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
