Incorrect Access Control Security Levels Expose Clone to Missing Authorization Vulnerability
CVE-2023-25486

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Clone
Vendor: CVE Published:; 9 December 2024

Summary

An authorization flaw exists in the Migrate Clone functionality of the WP Clone plugin, exposing users to potential unauthorized access due to improper configuration of security levels. This issue affects versions from n/a up to 2.3.7 of the WP Clone plugin, potentially allowing attackers to exploit security weaknesses and gain elevated privileges without proper authorization. Web administrators are urged to evaluate their installations for this vulnerability and implement necessary security measures.

Affected Version(s)

Clone <= 2.3.7

References

https://patchstack.com/database/wordpress/plugin/wp-clone...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Feb 6, 2023

Credit

Mika (Patchstack Alliance)