4 matches found
CVE-2023-3601 Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR
The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor...
CVE-2023-3601
CVE-2023-3601 affects the Simple Author Box WordPress plugin prior to version 2.52. The issue is an insecure direct object reference (IDOR): the plugin outputs user information without verifying the user ID, allowing arbitrary disclosure to users with a role as low as Contributor. Root cause: lac...
CVE-2023-3601 Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR
The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor...
WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)
Software Simple Author Box Type Plugin Vulnerable versions 2.52 Fixed in 2.52 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3601 Patch priority Low CVSS severity Low 6.5 Developer WebFactory Ltd. PSID c55453b38919 Credits Dmitriy Require...