Improper Authentication vulnerability allows Privilege Escalation
CVE-2023-51472

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Checkout Mestres WP
Vendor: CVE Published:; 24 April 2024

Summary

An improper authentication vulnerability exists in the Checkout Mestres WP plugin, enabling unauthorized users to escalate privileges. This flaw potentially allows attackers to gain greater access to restricted features of the application. The vulnerability affects all versions from n/a to 7.1.9.7, highlighting the need for updates and security measures to prevent exploitation.

Affected Version(s)

Checkout Mestres WP <= 7.1.9.7

References

https://patchstack.com/database/vulnerability/checkout-me...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2024
Vulnerability Reserved
Dec 20, 2023

Credit

Rafie Muhammad (Patchstack)