8 matches found
Exploit for Improper Privilege Management in Wpdeveloper Reviewx
CVE-2023-2833 Mass Exploit Generator by Alucard0x1 This repos...
CVE-2023-2833
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...
CVE-2023-2833
Summary (CVE-2023-2833) : The ReviewX WordPress plugin (versions up to 1.6.13) is vulnerable to privilege escalation due to insufficient restriction on the rx_set_screen_options function. This allows an authenticated user with minimal privileges (e.g., a subscriber) to modify their own role by se...
CVE-2023-2833 ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an...
WordPress ReviewX 1.6.13 Privilege Escalation Vulnerability
Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...
WordPress ReviewX Plugin <= 1.6.13 is vulnerable to Privilege Escalation
Software ReviewX Type Plugin Vulnerable versions = 1.6.13 Fixed in 1.6.14 OWASP Top 10 A6: Security Misconfiguration Classification Privilege Escalation CVE CVE-2023-2833 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 0ccf8a6d79e5 Credits Lana Codes Required privilege...
WordPress ReviewX 1.6.13 Privilege Escalation
Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...