WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability
CVE-2023-47805

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WPcafe
Vendor: CVE Published:; 9 December 2024

Summary

The WPCafe plugin by Themewinter is susceptible to a missing authorization vulnerability, which occurs due to improperly configured access controls. This issue allows unauthorized users to potentially exploit security levels within the application, leading to unauthorized access to sensitive functionalities. Users of WPCafe versions up to 2.2.22 should address this vulnerability promptly to safeguard their systems.

Affected Version(s)

WPCafe <= 2.2.22

References

https://patchstack.com/database/wordpress/plugin/wp-cafe/...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Nov 12, 2023

Credit

Abdi Pranata (Patchstack Alliance)