WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability
CVE-2023-41695

3.5LOW

Key Information:

Vendor: WordPress
Status: Analytify
Vendor: CVE Published:; 13 December 2024

Summary

The vulnerability in the Analytify plugin occurs due to improperly configured access control security levels, which allows unauthorized exploitation. This flaw can potentially enable attackers to access sensitive user data and perform actions without appropriate permissions. Affected versions of the plugin include all instances prior to version 5.1.0, emphasizing the need for users to update their installations to ensure optimal security.

Affected Version(s)

Analytify <= 5.1.0

References

https://patchstack.com/database/wordpress/plugin/wp-analy...

vdb-entry

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Aug 30, 2023

Credit

Abdi Pranata (Patchstack Alliance)