CVE-2023-7286

MEDIUM

6.5

Description

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above.

Details CVE

Score CVSS v3.16.5

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie10/16/2024

Derniere modification10/16/2024

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-639

References

https://plugins.trac.wordpress.org/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89(security@wordfence.com)

https://wpscan.com/vulnerability/3538e80e-c2c5-4e7b-97c3-b7debad7a136(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve(security@wordfence.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.