WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability
CVE-2023-39310

5.4 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 19 June 2024

Summary

A missing authorization vulnerability in ThemeFusion's Fusion Builder allows unauthorized access to features that should be restricted. The flaw affects versions up to and including 3.11.1. It exposes users to unauthorized manipulation of, or access to, sensitive functionality. Users should review their installations and apply the necessary updates or patches.

Affected Version(s)

Fusion Builder <= 3.11.1

CVSS V3.1

  • Score: 5.4
  • Severity: MEDIUM
  • Confidentiality: None
  • Integrity: Low
  • Availability: None
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)