Lucene search

PatchstackCVELIST:CVE-2023-46311

HistoryDec 20, 2023 - 1:32 p.m.

CVE-2023-46311 WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

2023-12-2013:32:29

CWE-639

Patchstack

www.cve.org

wordpress

wpdiscuz

plugin

idor

vulnerability

authorization bypass

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

19.5%

JSON

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wpdiscuz",
    "product": "Comments – wpDiscuz",
    "vendor": "gVectors Team",
    "versions": [
      {
        "changes": [
          {
            "at": "7.6.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.6.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for CVELIST:CVE-2023-46311