WordPress Surfer plugin <= 1.3.2.357 - Broken Access Control vulnerability
CVE-2023-35037
7.6HIGH
Summary
A missing authorization vulnerability exists in the Surfer Plugin, which exposes users to potential unauthorized access due to incorrectly configured access control security levels. This vulnerability impacts the Surfer Plugin across multiple versions, inhibiting effective management of user permissions and creating a pathway for malicious interactions with the website. Ensuring timely updates and configuration reviews are crucial in mitigating this risk and enhancing overall security.
Affected Version(s)
Surfer <= 1.3.2.357
References
CVSS V3.1
Score:
7.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jonas Höbenreich (Patchstack Alliance)