7.1
CVE-2023-6279
- EPSS 0.49%
- Veröffentlicht 29.01.2024 15:15:09
- Zuletzt bearbeitet 20.02.2026 20:05:59
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWoostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
Woostify Sites Library <= 1.4.7 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name
Mögliche Gegenmaßnahme
Woostify Sites Library: Update to version 1.4.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Woostify ≫ Sites Library SwPlatformwordpress Version < 1.4.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Woostify Sites Library
Version
*-1.4.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.383 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/
https://www.wordfence.com/threat-intel/vulnerabilities/id/977ab23a-06b2-4f54-a2c2-3be2316eaceb