CVE-2023-6491

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:*

History

29 Oct 2024, 17:59

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php - () https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve - Third Party Advisory
CWE CWE-862
CPE cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:*
First Time Wpchill strong Testimonials
Wpchill

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) El complemento Strong Testimonials para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una verificación de capacidad incorrecta en la función wpmtst_save_view_sticky en todas las versiones hasta la 3.1.12 incluida. Esto hace posible que los atacantes autenticados, con acceso de colaborador y superior, modifiquen las vistas favoritas.

07 Jun 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-07 06:15

Updated : 2024-10-29 17:59


NVD link : CVE-2023-6491

Mitre link : CVE-2023-6491

CVE.ORG link : CVE-2023-6491


JSON object : View

Products Affected

wpchill

  • strong_testimonials
CWE
CWE-862

Missing Authorization