Missing Authorization in RumbleTalk Live Group Chat by RumbleTalk Ltd
CVE-2023-45828

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Rumbletalk Live Group Chat
Vendor: CVE Published:; 2 January 2025

Summary

A security flaw in RumbleTalk Live Group Chat by RumbleTalk Ltd allows attackers to exploit misconfigured access control security levels. This vulnerability can enable unauthorized users to gain access to functionalities that should be restricted, which may lead to information disclosure or other malicious actions. Affected versions include those before 6.2.5, highlighting the importance of updating to secure user interactions in group chats.

Affected Version(s)

RumbleTalk Live Group Chat <= 6.2.5

References

https://patchstack.com/database/wordpress/plugin/rumbleta...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Oct 13, 2023

Credit

Mika (Patchstack Alliance)