6.5
CVE-2023-6638
- EPSS 0.54%
- Veröffentlicht 11.01.2024 09:15:50
- Zuletzt bearbeitet 08.04.2026 19:18:58
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginGTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update
GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.
Mögliche Gegenmaßnahme
GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels: Update to version 1.2.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gutengeek ≫ Gg Woo Feed SwPlatformwordpress Version <= 1.2.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels
Version
*-1.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.411 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://plugins.trac.wordpress.org/browser/gg-woo-feed/trunk/inc/Admin/Admin.php?rev=2933599#L199
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6b9b0a-e82e-459a-bddf-1c9354bcec00?source=cve
https://plugins.trac.wordpress.org/changeset/3026053
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6b9b0a-e82e-459a-bddf-1c9354bcec00