6.5
CVE-2023-6695
- EPSS 0.53%
- Veröffentlicht 09.04.2024 19:15:12
- Zuletzt bearbeitet 08.04.2026 18:18:40
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginBeaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values.
Mögliche Gegenmaßnahme
Beaver Themer: Update to version 1.4.9.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fastlinemedia ≫ Beaver Themer Version < 1.4.9.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Beaver Themer
Version
*-1.4.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.403 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
https://www.wpbeaverbuilder.com/change-logs/
https://www.wordfence.com/threat-intel/vulnerabilities/id/4165cff7-457d-4790-8678-84c4365a191a?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/4165cff7-457d-4790-8678-84c4365a191a