CVE-2023-0328
CVSS V2 None
CVSS V3 None
Description
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).
Overview
- CVE ID
- CVE-2023-0328
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-06T14:15:10
- Last Modified Date
- 2023-03-11T02:58:32
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:wpcode:wpcode:*:*:*:*:*:wordpress:*:* | 1 | OR | 2.0.7 |
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/3c4318a9-a3c5-409b-a52e-edd8583c3c43 | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0328 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0328 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 05:59:09 | Added to TrackCVE | |||
| 2023-04-17 05:59:10 | Weakness Enumeration | new |