CVE-2023-46628

Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/wordpress/plugin/wp-word-count/vulnerability/wordpress-wp-word-count-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redlettuce:wp_word_count:*:*:*:*:*:wordpress:*:*

History

21 Mar 2025, 15:26

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de autorización faltante en los complementos de RedLettuce WP Word Count permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Word Count: desde n/a hasta 3.2.4.
First Time		Redlettuce Redlettuce wp Word Count
CPE		cpe:2.3:a:redlettuce:wp_word_count::::::wordpress::*
References	~~() https://patchstack.com/database/wordpress/plugin/wp-word-count/vulnerability/wordpress-wp-word-count-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/wordpress/plugin/wp-word-count/vulnerability/wordpress-wp-word-count-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve - Third Party Advisory

02 Jan 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-02 12:15

Updated : 2025-03-21 15:26

NVD link : CVE-2023-46628

Mitre link : CVE-2023-46628

CVE.ORG link : CVE-2023-46628

JSON object : View

Products Affected

redlettuce

wp_word_count

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-46628", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-01-02T12:15:13.353", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wp-word-count/vulnerability/wordpress-wp-word-count-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en los complementos de RedLettuce WP Word Count permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Word Count: desde n/a hasta 3.2.4."}], "lastModified": "2025-03-21T15:26:55.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redlettuce:wp_word_count:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7732677F-A0F2-4DEC-B04B-F1900CE2C13E", "versionEndIncluding": "3.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}