CVE-2023-26523

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 49.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codepeople Calculated Fields Form

Timeline

PublishedJun 3

Latest updateJun 4

Description

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcodepeople/calculated_fields_form< 1.1.121

▶CVEListV5codepeople/calculated_fields_formn/a — 1.1.120

🔴Vulnerability Details

GHSA

GHSA-fpq6-p3c2-2j87: Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse↗2024-06-04

▶

CVEList

WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability↗2024-06-03

▶