Exploiting Incorrectly Configured Access Control Security Levels
CVE-2023-26520

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Text Widget
Vendor: CVE Published:; 9 December 2024

What is CVE-2023-26520?

The Advanced Text Widget by Max Chirkov is affected by a significant vulnerability that arises from insufficient authorization mechanisms, leading to incorrect access control configurations. This vulnerability allows unauthorized users to exploit the widget, thereby gaining access to restricted functionalities or sensitive information. Versions from n/a through 2.1.2 are impacted, making it crucial for users to assess their security settings and update to secure configurations to mitigate potential risks.

Affected Version(s)

Advanced Text Widget <= 2.1.2

References

https://patchstack.com/database/wordpress/plugin/advanced...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Feb 24, 2023

Credit

Rio Darmawan (Patchstack Alliance)

WordPress

What is CVE-2023-26520?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit