WordPress Plugin Vulnerabilities

GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion

Description

The plugin does not correctly authorize some actions, allowing low-privileged users to delete content from the site which they should not be permitted to delete.

Affects Plugins

Plugin icon
give
Fixed in 2.25.2

References

CVE
CVE-2023-23672

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Verified
No
WPVDB ID
88c8b259-9fc5-48d1-af0c-36b891c4dae7

Timeline

Publicly Published
2023-03-10 (about 1 years ago)
Added
2023-05-09 (about 1 years ago)
Last Updated
2023-05-09 (about 1 years ago)

Other

Published
Title
Published
2024-01-12
Title
Spiffy Calendar < 4.9.9 - Broken Access Control
Published
2023-04-26
Title
WooCommerce Multivendor Marketplace – REST API < 1.6.0 - Subscriber+ Arbitrary Orders Item And Notes Update
Published
2022-11-21
Title
AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation
Published
2022-11-21
Title
WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation
Published
2022-11-21
Title
Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation