WordPress Easy Captcha plugin <= 1.0 - Broken Access Control vulnerability
CVE-2023-33324

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Captcha
Vendor: CVE Published:; 13 December 2024

Summary

The Easy Captcha plugin by wppal presents a Missing Authorization vulnerability that allows attackers to exploit incorrectly configured access control security levels. This gap in security could lead to unauthorized access and manipulation of captcha submissions, jeopardizing the integrity of user interactions on websites utilizing the plugin. This issue affects all versions from n/a to 1.0, necessitating prompt attention to ensure user data protection and overall system security.

Affected Version(s)

Easy Captcha <= 1.0

References

https://patchstack.com/database/wordpress/plugin/easy-cap...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
May 22, 2023

Credit

Skalucy (Patchstack Alliance)