CVE-2023-0328 — MEDIUM (4.3)

Q: How severe is CVE-2023-0328?

CVE-2023-0328 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-0328?

Check the references section above for vendor advisories and patch information. Affected products include: Wpcode Wpcode.

Vulnerability Description

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wpcode	Wpcode	< 2.0.7

Related Weaknesses (CWE)

CWE-863

References

https://wpscan.com/vulnerability/3c4318a9-a3c5-409b-a52e-edd8583c3c43ExploitThird Party Advisory
https://wpscan.com/vulnerability/3c4318a9-a3c5-409b-a52e-edd8583c3c43ExploitThird Party Advisory

FAQ

What is CVE-2023-0328?

CVE-2023-0328 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can ed...

How severe is CVE-2023-0328?

CVE-2023-0328 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0328?

Check the references section above for vendor advisories and patch information. Affected products include: Wpcode Wpcode.