The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation.
References
Configurations
History
21 Nov 2024, 07:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L85 - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=cve - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
06 Jun 2023, 16:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:featherplugins:feather_login_page:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-862 | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=cve - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L85 - Patch |
31 May 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-31 03:15
Updated : 2024-11-21 07:58
NVD link : CVE-2023-2545
Mitre link : CVE-2023-2545
CVE.ORG link : CVE-2023-2545
JSON object : View
Products Affected
featherplugins
- feather_login_page
CWE
CWE-862
Missing Authorization