5.3

CVE-2023-4469

EPSS 0.36%
Veröffentlicht 06.10.2023 10:15:18
Zuletzt bearbeitet 21.11.2024 08:35:14
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.

Mögliche Gegenmaßnahme

Profile Extra Fields by BestWebSoft: Update to version 1.2.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Profile Extra Fields by BestWebSoft

Version *-1.2.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bestwebsoft ≫ Profile Extra Fields SwPlatformwordpress Version <= 1.2.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.572

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/changeset/2975179/profile-extra-fields

Release Notes

https://www.wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4469

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4469

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4469

EUVD