Illegal Access Control Vulnerability Affects Branded Social Images
CVE-2023-28536

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Branded Social Images
Vendor: CVE Published:; 9 December 2024

Summary

A missing authorization flaw has been identified in Acato's Branded Social Images, resulting from incorrectly configured access control security levels. This vulnerability permits unauthorized access to functions in the affected versions, potentially allowing an attacker to exploit the application without appropriate permissions. All users of the affected versions should assess their exposure and implement the necessary updates to mitigate risks associated with this security issue.

Affected Version(s)

Branded Social Images <= 1.1.0

References

https://patchstack.com/database/wordpress/plugin/branded-...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Mar 17, 2023

Credit

Yuki Haruma (Patchstack Alliance)