cvelist | Patchstack | CVELIST:CVE-2023-22676
History: Dec 29, 2023 - 8:25 a.m.

CVE-2023-22676 WordPress Advanced Custom Fields: Image Crop Add-on Plugin <= 1.4.12 is vulnerable to Broken Access Control

2023-12-29 08:25:01
CWE-862
Patchstack
www.cve.org
wordpress
acf plugin
image crop
vulnerability
access control
authorization bypass

CVSS3: 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 8.9
Confidence: High

EPSS: 0.001
Percentile: 19.3%

Missing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg: from n/a through 1.4.12.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "acf-image-crop-add-on",
    "product": "Anders Thorborg",
    "vendor": "Anders Thorborg",
    "versions": [
      {
        "lessThanOrEqual": "1.4.12",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]
