Lucene search

WpvulndbWPVDB-ID:5EF34057-AC9B-425A-8EAF-8581B88E2080

HistoryMay 01, 2024 - 12:00 a.m.

Knowledge Base documentation & wiki plugin – BasePress < 2.16.2.1 - Missing Authorization

2024-05-0100:00:00

wpscan.com

wordpress

basepress

vulnerable

unauthorized access

ajax actions

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The Knowledge Base documentation & wiki plugin – BasePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.16.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.

References

www.wordfence.com/threat-intel/vulnerabilities/id/cc4ec554-f7f5-4c0a-9f86-8d5c74bfe0ab

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:5EF34057-AC9B-425A-8EAF-8581B88E2080