CVE-2023-0711

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/wicked-folders/tags/2.18.16/lib/class-wicked-folders-ajax.php	Release Notes Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177	Third Party Advisory
https://plugins.trac.wordpress.org/browser/wicked-folders/tags/2.18.16/lib/class-wicked-folders-ajax.php	Release Notes Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wickedplugins:wicked_folders:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:37

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-08 02:15

Updated : 2024-11-21 07:37

NVD link : CVE-2023-0711

Mitre link : CVE-2023-0711

CVE.ORG link : CVE-2023-0711

JSON object : View

Products Affected

wickedplugins

wicked_folders

CWE

No CWE.

{"id": "CVE-2023-0711", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-02-08T02:15:07.853", "references": [{"url": "https://plugins.trac.wordpress.org/browser/wicked-folders/tags/2.18.16/lib/class-wicked-folders-ajax.php", "tags": ["Release Notes", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wicked-folders/tags/2.18.16/lib/class-wicked-folders-ajax.php", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin."}], "lastModified": "2024-11-21T07:37:40.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wickedplugins:wicked_folders:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E2A772F1-2D99-4A55-9535-EBADFBF75641", "versionEndIncluding": "2.18.16"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}

5.4 /10