Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2023/08/14 7:10 p.m.10 views

CVE-2023-3601 Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor...

6.3AI score0.0043EPSS
Exploits2References1
CVE
CVE
added 2023/08/14 7:10 p.m.76 views

CVE-2023-3601

CVE-2023-3601 affects the Simple Author Box WordPress plugin prior to version 2.52. The issue is an insecure direct object reference (IDOR): the plugin outputs user information without verifying the user ID, allowing arbitrary disclosure to users with a role as low as Contributor. Root cause: lac...

4.3CVSS4.7AI score0.0043EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/08/14 7:10 p.m.38 views

CVE-2023-3601 Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR

The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor...

4.7AI score0.0043EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/07/27 12:0 a.m.17 views

WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)

Software Simple Author Box Type Plugin Vulnerable versions 2.52 Fixed in 2.52 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3601 Patch priority Low CVSS severity Low 6.5 Developer WebFactory Ltd. PSID c55453b38919 Credits Dmitriy Require...

4.3CVSS6.8AI score0.0043EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder