Missing Authorization vulnerability in FunnelKit Checkout
CVE-2023-51672
7.5HIGH
Summary
A vulnerability exists in FunnelKit Checkout that allows for missing authorization controls, potentially enabling unauthorized users to perform actions that should be restricted. This impacts all versions of FunnelKit Checkout before 3.10.3, posing risks for users by potentially allowing arbitrary deletions of post pages. Ensuring that proper authorization mechanisms are in place is crucial for safeguarding web applications against such vulnerabilities.
Affected Version(s)
FunnelKit Checkout <= 3.10.3
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dave Jong (Patchstack)