Lucene search

[email protected]NVD:CVE-2023-6384

HistoryJan 22, 2024 - 8:15 p.m.

CVE-2023-6384

2024-01-2220:15:47

CWE-639

[email protected]

web.nvd.nist.gov

wp user profile avatar

wordpress plugin

authorisation vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

14.0%

JSON

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar

Affected configurations

Nvd

Node

wp-eventmanageruser_profile_avatarRange<1.0.1wordpress

VendorProductVersionCPE
wp-eventmanageruser_profile_avatar*cpe:2.3:a:wp-eventmanager:user_profile_avatar:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wp-eventmanager	user_profile_avatar	*	cpe:2.3:a:wp-eventmanager:user_profile_avatar::::::wordpress::*

References

wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for NVD:CVE-2023-6384

cve1 wpvulndb1 wpexploit1 prion1 cvelist1 wordfence1