Missing Authorization vulnerability in EmbedPress
CVE-2023-51375

8.8HIGH

Key Information:

Vendor: WordPress
Status: Embedpress
Vendor: CVE Published:; 21 June 2024

Summary

A critical security flaw has been identified in the WPDeveloper EmbedPress Plugin, stemming from a missing authorization check. This vulnerability primarily affects versions up to 3.8.3 of the plugin. Exploitation of this issue may allow unauthorized users to access or execute functionality that should be restricted, potentially leading to security breaches. It's essential for users of the affected versions to apply updates and implement security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

EmbedPress <= 3.8.3

References

https://patchstack.com/database/vulnerability/embedpress/...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2024
Vulnerability Reserved
Dec 18, 2023

Credit

Abdi Pranata (Patchstack Alliance)