CVE-2023-6824

EPSS 0.52%
Veröffentlicht 16.01.2024 16:15:13
Zuletzt bearbeitet 11.06.2025 17:15:39
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WP Customer Area <= 8.2.0 - Insecure Direct Object Reference to Account Address Disclosure

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.

Mögliche Gegenmaßnahme

WP Customer Area: Update to version 8.2.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP Customer Area

Version *-8.2.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Marvinlabs ≫ Wp Customer Area SwPlatformwordpress Version < 8.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://wpscan.com/vulnerability/a224b984-770a-4534-b689-0701b582b388/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/cc0087a8-ec3a-4c16-8ce3-d346ae0ca58d

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6824

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6824

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6824

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-6824