The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
Metrics
Affected Vendors & Products
References
History
Tue, 29 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpchill
Wpchill strong Testimonials |
|
Weaknesses | CWE-862 | |
CPEs | cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wpchill
Wpchill strong Testimonials |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-07T05:33:46.516Z
Updated: 2024-08-02T08:28:21.857Z
Reserved: 2023-12-04T16:46:05.653Z
Link: CVE-2023-6491
Vulnrichment
Updated: 2024-08-02T08:28:21.857Z
NVD
Status : Modified
Published: 2024-06-07T06:15:09.320
Modified: 2024-11-21T08:43:57.410
Link: CVE-2023-6491
Redhat
No data.