The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the plugin's log entries.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-08-31T05:33:08.533Z
Updated: 2024-09-27T14:21:55.852Z
Reserved: 2023-04-18T22:32:10.319Z
Link: CVE-2023-2174
Vulnrichment
Updated: 2024-08-02T06:12:20.627Z
NVD
Status : Modified
Published: 2023-08-31T06:15:08.770
Modified: 2024-11-21T07:58:04.997
Link: CVE-2023-2174
Redhat
No data.