Lucene search
WPScanCVELIST:CVE-2023-0328HistoryMar 06, 2023 - 1:33 p.m.
CVE-2023-0328 WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion
2023-03-0613:33:58
WPScan
www.cve.org
3
wpcode
cve-2023-0328
privilege checks
key updates
wordpress plugin
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).
CNA Affected
[
{
"vendor": "Unknown",
"product": "WPCode",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.0.7"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion
2023-02-09 00:00:00
wpexploit
wpexploit
WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion
2023-02-09 00:00:00
openvas
openvas
prion
prion
Privilege escalation
2023-03-06 14:15:00
nvd
nvd
CVE-2023-0328
2023-03-06 14:15:10
cve
cve
CVE-2023-0328
2023-03-06 14:15:10
wordfence
wordfence