Access Control Vulnerability in wpDiscuz by gVectors Team
CVE-2023-45760
4.3MEDIUM
Summary
A missing authorization vulnerability exists in wpDiscuz by gVectors Team, allowing attackers to exploit incorrectly configured access control security levels. This issue affects wpDiscuz from versions n/a through 7.6.3, potentially enabling unauthorized access to sensitive data and features within WordPress sites using the plugin. Proper access control measures are essential to mitigate the risk posed by this vulnerability.
Affected Version(s)
wpDiscuz <= 7.6.3
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
RE-ALTER (Patchstack Alliance)