Missing Authorization Vulnerability in Brainstorm Force Spectra Allows Exploiting Incorrectly Configured Access Control Security Levels
CVE-2023-23834

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Spectra
Vendor: CVE Published:; 9 December 2024

Summary

A missing authorization vulnerability exists in the Brainstorm Force Spectra plugin, whereby incorrect access control configurations may lead to unauthorized access. This issue can be exploited by attackers to manipulate application behavior and gain access to sensitive information or functions that should be restricted. Users running affected versions of the Spectra plugin are at risk due to these security level misconfigurations, making it critical for website owners to evaluate and secure their installations promptly.

Affected Version(s)

Spectra <= 2.3.0

References

https://patchstack.com/database/wordpress/plugin/ultimate...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Jan 18, 2023

Credit

István Márton (Patchstack Alliance)