Improper Authentication Vulnerability Affects Checkout Mestres WP
CVE-2023-51471

8.2HIGH

Key Information:

Vendor: WordPress
Status: Checkout Mestres WP
Vendor: CVE Published:; 24 April 2024

Summary

An improper authentication vulnerability exists in the Checkout Mestres WP plugin by Mestres, which allows attackers to access functionality that is not properly constrained by Access Control Lists (ACLs). This security flaw affects versions from n/a up to 7.1.9.7, enabling unauthorized users to perform actions that should be restricted, posing significant risk to the integrity and security of WordPress sites utilizing this plugin. Users are advised to review their installations and apply security patches to mitigate potential threats.

Affected Version(s)

Checkout Mestres WP <= 7.1.9.7

References

https://patchstack.com/database/vulnerability/checkout-me...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2024
Vulnerability Reserved
Dec 20, 2023

Credit

Rafie Muhammad (Patchstack)