5.4
CVE-2023-0711
- EPSS 0.06%
- Veröffentlicht 08.02.2023 02:15:07
- Zuletzt bearbeitet 21.11.2024 07:37:40
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.
Mögliche Gegenmaßnahme
Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types: Update to version 2.18.17, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types
Version
* - 2.18.16
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wickedplugins ≫ Wicked Folders SwPlatformwordpress Version <= 2.18.16
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.177 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|