8.8
CVE-2023-30873
- EPSS 0.49%
- Veröffentlicht 09.12.2024 13:15:28
- Zuletzt bearbeitet 28.04.2026 19:20:18
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress WP Docs plugin <= 1.9.8 - Broken Access Control
WP Docs <= 1.9.8 - Missing Authorization via multiple AJAX actions
WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management
Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8.
Mögliche Gegenmaßnahme
WP Docs: Update to version 1.9.9, or a newer patched version
WP Docs: Update to version 1.9.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Androidbubble ≫ Wp Docs SwPlatformwordpress Version < 1.9.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Docs
Version
*-1.9.8
SystemWordPress Plugin
≫
Produkt
WP Docs
Version
*-1.9.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.382 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://patchstack.com/database/wordpress/plugin/wp-docs/vulnerability/wordpress-wp-docs-plugin-1-9-8-broken-access-control?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/45a870f4-7ad1-447b-81ea-5d9e9b67b1bb
https://www.wordfence.com/threat-intel/vulnerabilities/id/6003b1bf-b176-4ca9-9de2-58133259e0f6