Lucene search

[email protected]NVD:CVE-2023-1371

HistoryApr 17, 2023 - 1:15 p.m.

CVE-2023-1371

2023-04-1713:15:38

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-1371

w4 post list

wordpress plugin

unauthorized access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them

Affected configurations

Nvd

Node

w4_post_list_projectw4_post_listRange<2.4.6wordpress

VendorProductVersionCPE
w4_post_list_projectw4_post_list*cpe:2.3:a:w4_post_list_project:w4_post_list:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
w4_post_list_project	w4_post_list	*	cpe:2.3:a:w4_post_list_project:w4_post_list::::::wordpress::*

References

wpscan.com/vulnerability/ad5c167e-77f7-453c-9443-df6e07705d89

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

Related for NVD:CVE-2023-1371

cve1 cvelist1 wpvulndb1 prion1 wpexploit1 wordfence1