WordPress Yet Another Stars Rating plugin <= 3.4.3 - Broken Access Control vulnerability
CVE-2023-39305

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Yet Another Stars Rating
Vendor: CVE Published:; 13 December 2024

What is CVE-2023-39305?

A vulnerability exists in the Yet Another Stars Rating plugin due to missing authorization mechanisms, which allows attackers to exploit incorrectly configured access control security levels. This flaw impacts all versions of the plugin up to and including 3.4.3, potentially allowing unauthorized users to gain access to sensitive data or functionalities not intended for public use.

Affected Version(s)

Yet Another Stars Rating <= 3.4.3

References

https://patchstack.com/database/wordpress/plugin/yet-anot...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Jul 27, 2023

Credit

Revan Arifio (Patchstack Alliance)