Missing Authorization Vulnerability Affects Rife Elementor Extensions & Templates
CVE-2023-27454

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Rife Elementor Extensions & Templates
Vendor: CVE Published:; 9 December 2024

Summary

A missing authorization vulnerability has been identified in Apollo13Themes' Rife Elementor Extensions & Templates. This weakness arises from incorrectly configured access control security levels that can be exploited. As a result, unauthorized users may gain access to sensitive functionalities or data within the affected versions, specifically from the initial release up to version 1.1.10 of the product. The vulnerability places a significant security risk on installations utilizing these plugins, requiring immediate attention to ensure proper access controls are enforced.

Affected Version(s)

Rife Elementor Extensions & Templates <= 1.1.10

References

https://patchstack.com/database/wordpress/plugin/rife-ele...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Mar 1, 2023

Credit

István Márton (Patchstack Alliance)