CVE-2023-4213 - OpenCVE

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mikevanwinkle	Simplr Registration Form Plus\+

Configuration 1 [-]

cpe:2.3:a:mikevanwinkle:simplr_registration_form_plus\+:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-09-13T02:54:11.287Z

Updated: 2024-08-02T07:17:12.260Z

Reserved: 2023-08-07T18:53:50.546Z

Link: CVE-2023-4213

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-09-13T03:15:08.877

Modified: 2023-11-07T04:22:20.617

Link: CVE-2023-4213

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4213", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-08-07T18:53:50.546Z", "datePublished": "2023-09-13T02:54:11.287Z", "dateUpdated": "2024-08-02T07:17:12.260Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-09-13T02:54:11.287Z"}, "affected": [{"vendor": "mpvanwinkle77", "product": "Simplr Registration Form Plus+", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.4.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lana Codes"}], "timeline": [{"time": "2023-08-07T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-08-07T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2023-09-12T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:12.260Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mikevanwinkle:simplr_registration_form_plus\\+:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "90BF449E-C762-4F85-9C5D-0A52A331E394", "versionEndIncluding": "2.4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts."}, {"lang": "es", "value": "El complemento Simplr Registration Form Plus+ para WordPress es vulnerable a referencias directas a objetos inseguros en versiones hasta la 2.4.5 inclusive. Esto se debe a que el complemento proporciona acceso controlado por el usuario a los objetos, lo que le permite omitir la autorizaci\u00f3n y acceder a los recursos del sistema. Esto hace posible que atacantes autenticados con permisos de nivel de suscriptor o superiores cambien las contrase\u00f1as de los usuarios y potencialmente se apoderen de cuentas de administrador."}], "id": "CVE-2023-4213", "lastModified": "2023-11-07T04:22:20.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2023-09-13T03:15:08.877", "references": [{"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}