Access Control Vulnerability in Gfazioli WP Cleanfix Plugin
CVE-2023-48775

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP Cleanfix
Vendor: CVE Published:; 31 December 2024

What is CVE-2023-48775?

A missing authorization vulnerability exists in the Gfazioli WP Cleanfix plugin, which can lead to exploitation through incorrectly configured access control levels. This vulnerability can affect the security protocols and potential access permissions of users within the WordPress environment. It is essential for site administrators utilizing the WP Cleanfix plugin to review their configurations and ensure that proper access control measures are implemented to safeguard against unauthorized access.

Affected Version(s)

WP Cleanfix <= 5.6.2

References

https://patchstack.com/database/wordpress/plugin/wp-clean...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Nov 18, 2023

Credit

Abdi Pranata (Patchstack Alliance)