CVE-2023-47754 - OpenCVE

Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cleverplugins	Delete Duplicate Posts

Configuration 1 [-]

cpe:2.3:a:cleverplugins:delete_duplicate_posts:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/delete-duplicate-posts/wordpress-delete-duplicate-posts-plugin-4-8-9-broken-access-control-vulnerability?_s_id=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-12-18T23:49:12.603Z

Updated: 2024-08-02T21:16:43.657Z

Reserved: 2023-11-09T18:57:40.988Z

Link: CVE-2023-47754

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-19T00:15:07.767

Modified: 2023-12-22T19:33:56.743

Link: CVE-2023-47754

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47754", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-11-09T18:57:40.988Z", "datePublished": "2023-12-18T23:49:12.603Z", "dateUpdated": "2024-08-02T21:16:43.657Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "delete-duplicate-posts", "product": "Delete Duplicate Posts", "vendor": "Clever plugins", "versions": [{"changes": [{"at": "4.9", "status": "unaffected"}], "lessThanOrEqual": "4.8.9", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Huynh Tien Si (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.<p>This issue affects Delete Duplicate Posts: from n/a through 4.8.9.</p>"}], "value": "Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9.\n\n"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-18T23:49:12.603Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/delete-duplicate-posts/wordpress-delete-duplicate-posts-plugin-4-8-9-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.9 or a higher version."}], "value": "Update to\u00a04.9 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.657Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/delete-duplicate-posts/wordpress-delete-duplicate-posts-plugin-4-8-9-broken-access-control-vulnerability?_s_id=cve"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cleverplugins:delete_duplicate_posts:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2B9C5470-7326-4E42-8BAD-99E2D4E266A1", "versionEndIncluding": "4.8.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en los complementos de Clever. Eliminar publicaciones duplicadas permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta la eliminaci\u00f3n de publicaciones duplicadas: desde n/a hasta 4.8.9."}], "id": "CVE-2023-47754", "lastModified": "2023-12-22T19:33:56.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2023-12-19T00:15:07.767", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/delete-duplicate-posts/wordpress-delete-duplicate-posts-plugin-4-8-9-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}