CVE-2023-3063 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2023-3063?

CVE-2023-3063 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-3063?

Check the references section above for vendor advisories and patch information. Affected products include: Smartypantsplugins Sp Project \& Document Manager.

Vulnerability Description

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Smartypantsplugins	Sp Project \& Document Manager	<= 4.67

Related Weaknesses (CWE)

CWE-639

References

FAQ

What is CVE-2023-3063?

CVE-2023-3063 is a vulnerability with a CVSS score of 8.8 (HIGH). The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled ac...

How severe is CVE-2023-3063?

CVE-2023-3063 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3063?

Check the references section above for vendor advisories and patch information. Affected products include: Smartypantsplugins Sp Project \& Document Manager.