CVE-2023-6491

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve	Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-06-07 06:15

Updated : 2024-11-21 08:43

NVD link : CVE-2023-6491

Mitre link : CVE-2023-6491

CVE.ORG link : CVE-2023-6491

JSON object : View

Products Affected

wpchill

strong_testimonials

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-6491", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-06-07T06:15:09.320", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views."}, {"lang": "es", "value": "El complemento Strong Testimonials para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una verificaci\u00f3n de capacidad incorrecta en la funci\u00f3n wpmtst_save_view_sticky en todas las versiones hasta la 3.1.12 incluida. Esto hace posible que los atacantes autenticados, con acceso de colaborador y superior, modifiquen las vistas favoritas."}], "lastModified": "2024-11-21T08:43:57.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7A7E2DE8-5E8F-47D8-8973-6270FCD253B3", "versionEndExcluding": "3.1.13"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}