WordPress GS Pins for Pinterest plugin <= 1.6.7 - Broken Access Control vulnerability
CVE-2023-32593

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Gs Pins For Pinterest
Vendor: CVE Published:; 13 December 2024

Summary

A missing authorization vulnerability has been identified in GS Pins for Pinterest that allows attackers to exploit incorrectly configured access control security levels. This weakness enables unauthorized users to access and potentially manipulate sensitive functions within the plugin. The vulnerability affects all versions from n/a through 1.6.7. It's essential for users of GS Pins for Pinterest to review their configurations and apply necessary updates to safeguard against potential exploitation.

Affected Version(s)

GS Pins for Pinterest <= 1.6.7

References

https://patchstack.com/database/wordpress/plugin/gs-pinte...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
May 10, 2023

Credit

Abdi Pranata (Patchstack Alliance)