6.3
CVE-2023-2066
- EPSS 0.06%
- Veröffentlicht 09.06.2023 06:16:01
- Zuletzt bearbeitet 21.11.2024 07:57:52
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAnnouncement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks
The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings, modify bulletins, create new bulletins, and more.
Mögliche Gegenmaßnahme
Announcement & Notification Banner – Bulletin: Update to version 3.7.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Announcement & Notification Banner – Bulletin
Version
*-3.6.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bulletin ≫ Announcement & Notification Banner - Bulletin SwPlatformwordpress Version <= 3.6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.188 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|