Missing Authorization Vulnerability Affects Dynamics 365 Integration
CVE-2023-28417

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Dynamics 365 Integration
Vendor: CVE Published:; 9 December 2024

Summary

A missing authorization vulnerability exists in the AlexaCRM Dynamics 365 Integration, which permits exploitation due to incorrectly configured access control security levels. This misconfiguration can lead to unauthorized access and manipulation of sensitive data across the affected versions. Users of the Dynamics 365 Integration should ensure that proper access controls are enforced to mitigate potential security risks.

Affected Version(s)

Dynamics 365 Integration <= 1.3.12

References

https://patchstack.com/database/wordpress/plugin/integrat...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Mar 15, 2023

Credit

István Márton (Patchstack Alliance)