CVE-2023-31073

{"id": "CVE-2023-31073", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-12-09T13:15:28.540", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/shortcode-to-display-post-and-user-data/vulnerability/wordpress-shortcode-to-display-post-and-user-data-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend \u2013 Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend \u2013 Post and User Profile Fields: from n/a through 1.2.0."}], "lastModified": "2024-12-09T13:15:28.540", "sourceIdentifier": "audit@patchstack.com"}