CVE-2023-4153

Published: 2023-09-13 03:15:08
Source: web.nvd.nist.gov (NVD)
Tags: wordpress, ban users, privilege escalation, plugin vulnerability, capability check, authenticated attackers, minimal permissions, subscriber, modify settings, ban functionality, unban functionality, role modification

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: High
EPSS: 0.002
Percentile: 61.5%

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the ‘w3dev_save_ban_user_settings_callback’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user.
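The defect class described above is a WordPress AJAX handler that changes plugin settings without first asking whether the caller is allowed to. The following PHP is an added illustration written for this page, not the BAN Users plugin's own code: the option name, the settings keys, the AJAX action name and the hardened callback name are invented, and only the callback name ‘w3dev_save_ban_user_settings_callback’ comes from the advisory text. It shows the vulnerable shape beside a hardened one that checks a nonce and a capability before touching the option.

```php
<?php
// Added illustration, not the BAN Users plugin's own code. The option name,
// the settings keys and the AJAX action name are invented for this example;
// only the callback name is taken from the advisory text.

// Vulnerable pattern: a handler on a wp_ajax_* hook (reachable by any
// logged-in user via admin-ajax.php) that saves settings without checking
// who is calling. Being logged in is not an authorization decision, so a
// subscriber can reach this code path just as an administrator can.
add_action( 'wp_ajax_w3dev_save_ban_user_settings', 'w3dev_save_ban_user_settings_callback' );

function w3dev_save_ban_user_settings_callback() {
    $settings = array(
        'allow_ban'     => ! empty( $_POST['allow_ban'] ),
        'unbanned_role' => sanitize_key( $_POST['unbanned_role'] ?? 'subscriber' ),
    );
    update_option( 'w3dev_ban_user_settings', $settings ); // no capability check
    wp_send_json_success( $settings );
}

// Hardened pattern (hypothetical name): first verify a nonce so the request
// really originated from the plugin's settings page, then require a
// capability that only administrators hold. The order matters: the nonce
// check stops cross-site request forgery, the capability check stops a
// low-privilege account that can obtain a valid nonce of its own.
function w3dev_save_ban_user_settings_callback_hardened() {
    // Dies with a 403 response unless $_POST['nonce'] is valid for this action.
    check_ajax_referer( 'w3dev_ban_user_settings', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $role = sanitize_key( $_POST['unbanned_role'] ?? 'subscriber' );
    // Only accept a role that exists on this site, so the stored setting can
    // never name an arbitrary string that later code treats as a role.
    if ( ! array_key_exists( $role, wp_roles()->roles ) ) {
        wp_send_json_error( array( 'message' => 'Unknown role.' ), 400 );
    }

    $settings = array(
        'allow_ban'     => ! empty( $_POST['allow_ban'] ),
        'unbanned_role' => $role,
    );
    update_option( 'w3dev_ban_user_settings', $settings );
    wp_send_json_success( $settings );
}
```

The settings page that issues the request must embed a matching token from wp_create_nonce( 'w3dev_ban_user_settings' ) and send it in the nonce field. When auditing a plugin for this class of bug, list every callback attached to a wp_ajax_* or admin_post_* hook and confirm that each one that writes state calls current_user_can() (or an equivalent check) before doing so; a nonce alone is not sufficient, because any logged-in user can be served a nonce for their own session.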

Affected configurations (NVD)

Vendor: webmedia
Product: ban_users
Version: * (up to and including 1.5.3)
Target software: wordpress
CPE: cpe:2.3:a:webmedia:ban_users:*:*:*:*:*:wordpress:*:*
