The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the plugin's log entries.
History

Fri, 27 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-08-31T05:33:08.533Z

Updated: 2024-09-27T14:21:55.852Z

Reserved: 2023-04-18T22:32:10.319Z

Link: CVE-2023-2174

cve-icon Vulnrichment

Updated: 2024-08-02T06:12:20.627Z

cve-icon NVD

Status : Modified

Published: 2023-08-31T06:15:08.770

Modified: 2024-11-21T07:58:04.997

Link: CVE-2023-2174

cve-icon Redhat

No data.