NVD:CVE-2023-6066
History: Jan 15, 2024 - 4:15 p.m.

CVE-2023-6066

2024-01-15 16:15:12
CWE-862
web.nvd.nist.gov
cve-2023-6066
wordpress plugin
ajax vulnerability
privilege escalation

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 4.7
Confidence: High

EPSS: 0
Percentile: 14.0%

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

Affected configurations

Nvd
Node: kishorkhambu wp_custom_widget_area, Range 1.2.5, wordpress

Vendor: kishorkhambu
Product: wp_custom_widget_area
Version: *
CPE: cpe:2.3:a:kishorkhambu:wp_custom_widget_area:*:*:*:*:*:wordpress:*:*
