6.5
CVE-2023-6638
- EPSS 0.19%
- Veröffentlicht 11.01.2024 09:15:50
- Zuletzt bearbeitet 03.06.2025 14:15:39
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginGTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.
Mögliche Gegenmaßnahme
GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels: Update to version 1.2.5, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels
Version
*-1.2.4
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gutengeek ≫ Gg Woo Feed SwPlatformwordpress Version <= 1.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.405 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.