Lucene search

PatchstackCVELIST:CVE-2023-36520

HistoryDec 20, 2023 - 2:18 p.m.

CVE-2023-36520 WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)

2023-12-2014:18:41

CWE-639

Patchstack

www.cve.org

cve-2023-36520

insecure direct object references

authorization bypass

marketingfire editorial calendar

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "editorial-calendar",
    "product": "Editorial Calendar",
    "vendor": "MarketingFire",
    "versions": [
      {
        "changes": [
          {
            "at": "3.8.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.7.12",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/editorial-calendar/wordpress-editorial-calendar-plugin-3-7-12-insecure-direct-object-references-idor-vulnerability?_s_id=cve

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Related for CVELIST:CVE-2023-36520