6.5

CVE-2023-47180

WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability

Finale Lite <= 2.16.0 - Missing Authorization to Content Deletion

Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.
Mögliche Gegenmaßnahme
Finale Lite – Sales Countdown Timer & Discount for WooCommerce: Update to version 2.17.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XlpluginsFinale SwEditionlite SwPlatformwordpress Version < 2.17.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Version *-2.16.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.3
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://patchstack.com/database/wordpress/plugin/finale-woocommerce-sales-countdown-timer-discount/vulnerability/wordpress-finale-lite-sales-countdown-timer-discount-for-woocommerce-plugin-2-16-0-arbitrary-content-deletion-vulnerability?_s_id=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/725bce1b-ec76-411d-928c-2aea47867292
Third Party Advisory