Lucene search

WPScanCVE-2023-6077

HistoryDec 18, 2023 - 8:15 p.m.

CVE-2023-6077

2023-12-1820:15:08

WPScan

web.nvd.nist.gov

slider

wordpress

plugin

unauthorized access

cve-2023-6077

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.1%

JSON

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected

Affected configurations

Nvd

Vulners

Node

wpfrankslider_factory_proRange<3.5.12wordpress

VendorProductVersionCPE
wpfrankslider_factory_pro*cpe:2.3:a:wpfrank:slider_factory_pro:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpfrank	slider_factory_pro	*	cpe:2.3:a:wpfrank:slider_factory_pro::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Slider",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.5.12"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/1afc0e4a-f712-47d4-bf29-7719ccbbbb1b

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.1%

JSON

Related for CVE-2023-6077