Access Control Vulnerability in Animated Rotating Words Plugin by Labib Ahmed
CVE-2023-47187

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Animated Rotating Words
Vendor: CVE Published:; 2 January 2025

Summary

The Animated Rotating Words plugin by Labib Ahmed contains a missing authorization vulnerability that arises from improperly configured access control security measures. This flaw allows attackers to exploit the system, potentially leading to unauthorized actions within the plugin. Affected versions range from an unspecified release to version 5.4, making it critical for users to apply necessary security updates to mitigate risks.

Affected Version(s)

Animated Rotating Words <= 5.4

References

https://patchstack.com/database/wordpress/plugin/css3-rot...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Oct 31, 2023

Credit

Abdi Pranata (Patchstack Alliance)