WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability
CVE-2023-37869

8.8HIGH

Key Information:

Vendor: WordPress
Status: Premium Addons Pro
Vendor: CVE Published:; 19 June 2024

What is CVE-2023-37869?

A missing authorization vulnerability exists in the Premium Addons PRO plugin that can allow unauthorized users to access features and data that should be restricted. This flaw affects various versions, including from no specified version until 2.9.0. Exploiting this vulnerability may enable attackers to manipulate the functionality of the plugin or access sensitive information, highlighting the importance of maintaining proper access controls in WordPress plugins.

Affected Version(s)

Premium Addons PRO <= 2.9.0

References

https://patchstack.com/database/vulnerability/premium-add...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2024
Vulnerability Reserved
Jul 10, 2023

Credit

Rafie Muhammad (Patchstack)