9.8 CVE-2023-2276

Patch

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. (Waiting for translation)
https://nvd.nist.gov/vuln/detail/CVE-2023-2276

Categorie

CWE-639 : Bypass dell'autorizzazione tramite chiave controllata dall'utente

Riferimenti

MISC Patch

https://plugins.trac.wordpress.org/changeset/2907455/ Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve Patch Third Party Advisory
https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.10.7/controllers/wcfmvm-controller-memberships-registration.php#L124 Product

CPE

cpe	avviare	fine
Configuration 1
cpe:2.3:a:wclovers:wcfm_membership::::::wordpress::*		<= 2.10.7

RIMEDIO

Patch

Url
https://plugins.trac.wordpress.org/changeset/2907455/
https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve

EXPLOITS

Exploit-db.com

id	descrizione	data
Nessuna impresa nota

Altro (github, ...)

Url
Nessuna impresa nota

CAPEC

Common Attack Pattern Enumerations and Classifications

id	descrizione	gravità
Nessuna voce

MITRE

Sherlock® flash

Fotografate la vostra rete di computer in pochi clic !

La soluzione di audit Sherlock® flash consente di eseguire un audit per rafforzare la sicurezza delle risorse IT. Scansione delle vulnerabilità delle apparecchiature fisiche e virtuali. Pianificazione delle patch in base al livello di priorità e al tempo disponibile. Reporting dettagliato e intuitivo.

Scopri questa offerta

Sherlock® flash: la prima soluzione di audit istantaneo della cybersecurity