Lucene search
PRIOn knowledge basePRION:CVE-2023-1979HistoryMay 08, 2023 - 5:15 p.m.
Design/Logic Flaw
2023-05-0817:15:00
PRIOn knowledge base
www.prio-n.com
8
wordpress
web stories
vulnerability
access control
upgrade
nvd
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the βAuthorβ role can create stories, but donβt have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the pluginβs own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commitΒ ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68
| CPE | Name | Operator | Version |
|---|---|---|---|
| web_stories | lt | 1.32.0 |
Related
nvd
nvd
CVE-2023-1979
2023-05-08 17:15:11
cve
cve
CVE-2023-1979
2023-05-08 17:15:11
wpvulndb
wpvulndb
Web Stories < 1.32 - Author+ Auth Bypass
2023-04-11 00:00:00
osv
osv
CVE-2023-1979
2023-05-08 17:15:11
openvas
openvas
WordPress Web Stories Plugin < 1.32 Incorrect Authorization Vulnerability
2023-05-17 00:00:00
cvelist
cvelist
CVE-2023-1979 Auth bypass in Web Stories for WordPress plugin
2023-05-08 16:28:53
wordfence
wordfence