The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-06T09:33:23.412Z
Updated: 2024-12-23T16:22:51.376Z
Reserved: 2023-05-22T10:34:54.953Z
Link: CVE-2023-2833
Vulnrichment
Updated: 2024-08-02T06:33:05.515Z
NVD
Status : Modified
Published: 2023-06-06T10:15:09.953
Modified: 2024-11-21T07:59:22.777
Link: CVE-2023-2833
Redhat
No data.