Improper Authentication Vulnerability Affects Defender Security
CVE-2023-47189

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Defender Security
Vendor: CVE Published:; 4 June 2024

What is CVE-2023-47189?

An improper authentication vulnerability exists in WPMU DEV's Defender Security, which could allow attackers to access functionalities that are not adequately protected by access control lists (ACLs). This flaw affects versions including 4.2.0, posing risks to user security and data protection. It is essential for users to assess their systems and apply necessary updates to mitigate potential exploitation.

Affected Version(s)

Defender Security <= 4.2.0

References

https://patchstack.com/database/vulnerability/defender-se...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2024
Vulnerability Reserved
Oct 31, 2023

Credit

Naveen Muthusamy (Patchstack Alliance)

WordPress

What is CVE-2023-47189?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit