CVE-2023-51516 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00125.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Businessdirectoryplugin	Business Directory

Configuration 1 [-]

cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-56229	Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.

Fixes

Solution

Update to 6.3.10 or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve

History

Wed, 07 Aug 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Businessdirectoryplugin Businessdirectoryplugin business Directory
CPEs		cpe:2.3:a:businessdirectoryplugin:business_directory::::::wordpress::*
Vendors & Products		Businessdirectoryplugin Businessdirectoryplugin business Directory

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-14T00:58:47.581Z

Updated: 2024-08-02T22:32:10.367Z

Reserved: 2023-12-20T15:56:04.671Z

Link: CVE-2023-51516

Vulnrichment

Updated: 2024-06-14T20:10:54.951Z

NVD

Status : Modified

Published: 2024-06-14T02:15:09.423

Modified: 2024-11-21T08:38:17.277

Link: CVE-2023-51516

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51516", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-12-20T15:56:04.671Z", "datePublished": "2024-06-14T00:58:47.581Z", "dateUpdated": "2024-08-02T22:32:10.367Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "business-directory-plugin", "product": "Business Directory Plugin", "vendor": "Business Directory Team", "versions": [{"changes": [{"at": "6.3.10", "status": "unaffected"}], "lessThanOrEqual": "6.3.9", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "thiennv (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.<p>This issue affects Business Directory Plugin: from n/a through 6.3.9.</p>"}], "value": "Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-14T00:58:47.581Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 6.3.10 or a higher version."}], "value": "Update to 6.3.10 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Business Directory Plugin \u2013 Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-14T20:10:51.870953Z", "id": "CVE-2023-51516", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T20:10:57.873Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:10.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-51516", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-14T20:10:51.870953Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T20:10:54.951Z"}}], "cna": {"title": "WordPress Business Directory Plugin \u2013 Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "thiennv (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Business Directory Team", "product": "Business Directory Plugin", "versions": [{"status": "affected", "changes": [{"at": "6.3.10", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "6.3.9"}], "packageName": "business-directory-plugin", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 6.3.10 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 6.3.10 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.<p>This issue affects Business Directory Plugin: from n/a through 6.3.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-14T00:58:47.581Z"}}}, "cveMetadata": {"cveId": "CVE-2023-51516", "state": "PUBLISHED", "dateUpdated": "2024-06-14T20:10:57.873Z", "dateReserved": "2023-12-20T15:56:04.671Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-06-14T00:58:47.581Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8A5F5379-9DA2-4C41-8C44-747B2E136B5E", "versionEndExcluding": "6.3.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en el complemento Business Directory Team Business Directory. Este problema afecta al complemento Business Directory: desde n/a hasta 6.3.9."}], "id": "CVE-2023-51516", "lastModified": "2024-11-21T08:38:17.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-14T02:15:09.423", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}