WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability
CVE-2023-41695

8.8HIGH

Key Information:

Vendor: WordPress
Status: Analytify
Vendor: CVE Published:; 13 December 2024

What is CVE-2023-41695?

The vulnerability in the Analytify plugin occurs due to improperly configured access control security levels, which allows unauthorized exploitation. This flaw can potentially enable attackers to access sensitive user data and perform actions without appropriate permissions. Affected versions of the plugin include all instances prior to version 5.1.0, emphasizing the need for users to update their installations to ensure optimal security.

Affected Version(s)

Analytify <= 5.1.0

References

https://patchstack.com/database/wordpress/plugin/wp-analy...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Aug 30, 2023

Credit

Abdi Pranata (Patchstack Alliance)