patchstack
Marco Wotschka
PATCHSTACK:27229918A88E5B6ED929D96B05893819
Feb 08, 2023 - 12:00 a.m.

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control


CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

6.8

Confidence

Low

Software

Wicked Folders

Type

Plugin

Vulnerable versions

<= 2.18.16

Fixed in

2.18.17

OWASP Top 10

A5: Broken Access Control

Classification

Broken Access Control

CVE

CVE-2023-0717

Patch priority

Medium

CVSS severity

Medium (5.4)

PSID

db3e0ac8c3e4

Credits

Marco Wotschka

Required privilege

Subscriber

Published

8 February, 2023

Vulnerability details

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners

Node: wicked_plugins wicked_folders, Range 2.18.16

Vendor: wicked_plugins
Product: wicked_folders
Version: *
CPE: cpe:2.3:a:wicked_plugins:wicked_folders:*:*:*:*:*:*:*:*
