Missing Authorization Vulnerability in Brainstorm Force Spectra Allows Exploiting Incorrectly Configured Access Control Security Levels
CVE-2023-23825

8.8HIGH

Key Information:

Vendor: WordPress
Status: Spectra
Vendor: CVE Published:; 9 December 2024

Summary

The vulnerability in the Brainstorm Force Spectra plugin is characterized by missing authorization checks that could lead to exploitation through incorrectly configured access control security levels. This issue compromises the integrity of user permissions and may allow unauthorized actions within the application, creating significant security risks for users of the plugin. Affected versions range from unspecified versions up to 2.3.0, and it is crucial for users to ensure that their installations and configurations are secure.

Affected Version(s)

Spectra <= 2.3.0

References

https://patchstack.com/database/wordpress/plugin/ultimate...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Jan 18, 2023

Credit

István Márton (Patchstack Alliance)