WordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Broken Access Control vulnerability
CVE-2023-38475
4.3MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 13 December 2024
Summary
A missing authorization vulnerability in the RedNao Donations Made Easy – Smart Donations plugin poses risks by allowing exploitation through incorrectly configured access control security levels. This vulnerability enables unauthorized users to access resources they should not be able to reach, impacting the overall integrity and security of the plugin. Affected versions range from n/a to 4.0.12, making it crucial for users to evaluate their installations and assess potential risks associated with improper access controls.
Affected Version(s)
Donations Made Easy – Smart Donations <= 4.0.12
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)