Lucene search

[email protected]NVD:CVE-2023-2545

HistoryMay 31, 2023 - 3:15 a.m.

CVE-2023-2545

2023-05-3103:15:09

CWE-862

[email protected]

web.nvd.nist.gov

wordpress

unauthorized access

data vulnerability

plugin

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘getListOfUsers’ function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation.

Affected configurations

Nvd

Node

featherpluginsfeather_login_pageRange1.0.7–1.1.1wordpress

VendorProductVersionCPE
featherpluginsfeather_login_page*cpe:2.3:a:featherplugins:feather_login_page:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
featherplugins	feather_login_page	*	cpe:2.3:a:featherplugins:feather_login_page::::::wordpress::*

References

plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L85

www.wordfence.com/threat-intel/vulnerabilities/id/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

Related for NVD:CVE-2023-2545

cve2 wpexploit1 cvelist2 prion2 wpvulndb1 nvd1 wordfence2