WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability
CVE-2023-29429
5.3MEDIUM
Summary
A missing authorization vulnerability exists in the WPEverest User Registration Plugin, impacting versions from n/a through 2.3.2.1. This vulnerability allows unauthorized users to exploit incorrectly configured access control security levels, potentially leading to unauthorized actions within the application. Proper remediation involves ensuring that access controls are correctly configured to prevent such exploitation.
Affected Version(s)
User Registration <= 2.3.2.1
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafshanzani Suhada (Patchstack Alliance)