Lucene search

PatchstackCVELIST:CVE-2023-46212

HistoryDec 18, 2023 - 11:57 p.m.

CVE-2023-46212 WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control

2023-12-1823:57:14

CWE-862

CWE-352

Patchstack

www.cve.org

wordpress

extra plugin

vulnerable

access control

csrf

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-extra",
    "product": "WP EXtra",
    "vendor": "TienCOP",
    "versions": [
      {
        "changes": [
          {
            "at": "6.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-broken-access-control-vulnerability?_s_id=cve