WordPress Surfer plugin <= 1.3.2.357 - Broken Access Control vulnerability
CVE-2023-35037
7.6HIGH
What is CVE-2023-35037?
A missing authorization vulnerability exists in the Surfer Plugin, which exposes users to potential unauthorized access due to incorrectly configured access control security levels. This vulnerability impacts the Surfer Plugin across multiple versions, inhibiting effective management of user permissions and creating a pathway for malicious interactions with the website. Ensuring timely updates and configuration reviews are crucial in mitigating this risk and enhancing overall security.
Affected Version(s)
Surfer <= 1.3.2.357