Missing Authorization Vulnerability in Apollo13 Framework Extensions Could Allow Exploiting Incorrectly Configured Access Control Security Levels
CVE-2023-25959
5.4MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 9 December 2024
Summary
A vulnerability exists in Apollo13 Framework Extensions where missing authorization can lead to exploitation due to incorrectly configured access control security levels. This issue allows unauthorized users to access restricted functionalities or data, compromising the security integrity of the system. Organizations using the affected versions are urged to assess their configurations to ensure proper access control measures are in place to mitigate potential risks.
Affected Version(s)
Apollo13 Framework Extensions <= 1.8.10
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
István Márton (Patchstack Alliance)