WordPress SoundCloud Is Gold plugin <= 2.5.1 - Broken Access Control vulnerability
CVE-2023-32586

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Soundcloud Is Gold
Vendor: CVE Published:; 13 December 2024

What is CVE-2023-32586?

A significant vulnerability exists within the Soundcloud Is Gold plugin by Thomas Michalak, primarily due to missing authorization checks. This flaw allows attackers to exploit incorrectly configured access control security levels, potentially granting unauthorized access to sensitive functionalities or data within the application. Users should be vigilant regarding the affected versions and ensure proper access control configurations are implemented to mitigate risks associated with this vulnerability.

Affected Version(s)

Soundcloud Is Gold <= 2.5.1

References

https://patchstack.com/database/wordpress/plugin/soundclo...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
May 10, 2023

Credit

István Márton (Patchstack Alliance)