The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
References
Configurations
History
29 Oct 2024, 17:59
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
CPE | cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:* | |
First Time |
Wpchill strong Testimonials
Wpchill |
|
References | () https://plugins.trac.wordpress.org/changeset/3097409/strong-testimonials/tags/3.1.13/admin/views.php - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve - Third Party Advisory |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Jun 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-07 06:15
Updated : 2024-10-29 17:59
NVD link : CVE-2023-6491
Mitre link : CVE-2023-6491
CVE.ORG link : CVE-2023-6491
JSON object : View
Products Affected
wpchill
- strong_testimonials
CWE
CWE-862
Missing Authorization