3 matches found
CVE-2023-4153 BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...
CVE-2023-4153
The CVE-2023-4153 entry concerns the BAN Users WordPress plugin (versions
WordPress BAN Users Plugin <= 1.5.3 is vulnerable to Privilege Escalation
Software BAN Users Type Plugin Vulnerable versions = 1.5.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4153 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ec1ffb5bed37 Credits Lana Codes...