Missing Authorization Vulnerability Affects Astra Bulk Edit
CVE-2023-44148

8.8HIGH

Key Information:

Vendor: WordPress
Status: Astra Bulk Edit
Vendor: CVE Published:; 19 June 2024

Summary

The Astra Bulk Edit plugin by Brainstorm Force contains a missing authorization vulnerability that allows unauthorized users to access sensitive functionalities. This issue is present in versions up to 1.2.7 and can lead to potential exploitation, allowing adversaries to affect the integrity of sites utilizing this plugin. Proper controls and checks are necessary to safeguard user data and intended operations.

Affected Version(s)

Astra Bulk Edit <= 1.2.7

References

https://patchstack.com/database/vulnerability/astra-bulk-...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2024
Vulnerability Reserved
Sep 26, 2023

Credit

Rafie Muhammad (Patchstack)