Access Control Issue in wpDiscuz by gVectors Team
CVE-2023-46309
5.3MEDIUM
Summary
The wpDiscuz plugin by gVectors Team suffers from a missing authorization vulnerability. This security flaw allows attackers to exploit incorrectly configured access control settings, potentially leading to unauthorized access to restricted functionalities. The issue affects various versions of wpDiscuz, from n/a up to and including version 7.6.10, making it essential for users to update their installations to mitigate risks.
Affected Version(s)
wpDiscuz <= 7.6.10
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Revan Arifio (Patchstack Alliance)