Lucene search

WpvulndbWPVDB-ID:AC7F88C6-863C-4244-9D41-013DDDC03FFB

HistoryApr 16, 2024 - 12:00 a.m.

WP Accessibility Helper (WAH) < 0.6.2.6 - Missing Authorization

2024-04-1600:00:00

wpscan.com

wp accessibility helper

wordpress

missing authorization

data modification

vulnerability

update_attachment_alt function

versions 0.6.2.5

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Description The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_attachment_alt() function in versions up to, and including, 0.6.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update attachment alts.

References

www.wordfence.com/threat-intel/vulnerabilities/id/fc186712-5314-4471-bf02-4fd580c338c9

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Related for WPVDB-ID:AC7F88C6-863C-4244-9D41-013DDDC03FFB