Lucene search

[email protected]NVD:CVE-2023-3053

HistoryJun 03, 2023 - 12:15 a.m.

CVE-2023-3053

2023-06-0300:15:09

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-3053

page builder by azexo

wordpress

plugin

vulnerability

unauthorized modification

data

capability check

authenticated attackers

post type

post status

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘azh_add_post’ function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.

Affected configurations

Nvd

Node

azexopage_builder_with_image_map_by_azexoRange≤1.27.133wordpress

VendorProductVersionCPE
azexopage_builder_with_image_map_by_azexo*cpe:2.3:a:azexo:page_builder_with_image_map_by_azexo:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
azexo	page_builder_with_image_map_by_azexo	*	cpe:2.3:a:azexo:page_builder_with_image_map_by_azexo::::::wordpress::*

References

plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4085

plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L4137

www.wordfence.com/threat-intel/vulnerabilities/id/dd56cb73-1c40-44b1-b713-c0291832d988?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for NVD:CVE-2023-3053

cvelist1 cve1 prion1 wpvulndb1 wordfence1