CVE-2023-32117
Published 2024-12-09
Priority: P180 · critical · 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 6.28% (92.7th percentile)
Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.1.99.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softlab | integrate_google_drive | n/a – 1.1.99 | — |
Detection & IOCs (extracted from sources)
- url: /wp-json/igd/v1/get-users-data
- path: /wp-content/plugins/integrate-google-drive/
- Detect exploitation attempts by monitoring POST requests to the unauthenticated REST API endpoint /wp-json/igd/v1/get-users-data; a successful exploit returns a JSON body containing 'username', 'name', 'email', and 'role' fields with HTTP 200 and Content-Type application/json.
- Presence of the plugin path /wp-content/plugins/integrate-google-drive/ on a WordPress site indicates a potentially vulnerable installation (versions up to and including 1.1.99).
- Unauthenticated POST requests to multiple REST API endpoints (no capability check) allow file moving, folder creation, and data copying — monitor for unauthenticated REST API calls to /wp-json/igd/ routes.
- The vulnerability affects Integrate Google Drive plugin versions up to and including 1.1.99; version 1.2.0 contains the fix. Detections should be scoped to sites running versions <= 1.1.99.
- The missing authorization affects *several* REST API endpoints, not just /wp-json/igd/v1/get-users-data — broaden detection coverage to all /wp-json/igd/v1/ routes.
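The monitoring described in the bullets above, as an added example that is not part of the original page or of any tool it cites: a scan of web-server access logs for requests to any igd REST route. It assumes combined log format; the log lines, the `placeholder-route` name and the function names are constructed for illustration. It also covers WordPress's `rest_route` query-parameter form of the REST API, which a filter on `/wp-json/` alone would miss.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined log format, documentation IP ranges).
# "placeholder-route" stands in for the other igd routes the page does not name.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2026:10:00:01 +0000] "POST /wp-json/igd/v1/get-users-data HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [01/Feb/2026:10:00:02 +0000] "POST /?rest_route=%2Figd%2Fv1%2Fget-users-data HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.9 - - [01/Feb/2026:10:00:05 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Feb/2026:10:00:09 +0000] "POST /wp-json/igd/v1/get-users-data HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Feb/2026:10:00:12 +0000] "POST /blog/wp-json/igd/v1/placeholder-route HTTP/1.1" 200 10 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
PRETTY_PREFIX = "/wp-json"

def igd_route(target):
    """Return the REST route (e.g. /igd/v1/...) a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    idx = path.find(PRETTY_PREFIX + "/igd/")
    if idx != -1:  # pretty permalinks, including subdirectory installs
        return path[idx + len(PRETTY_PREFIX):]
    # WordPress also serves the REST API via the rest_route query parameter.
    for value in parse_qs(parts.query).get("rest_route", []):
        if value.startswith("/igd/"):
            return value
    return None

def scan(lines):
    """Flag every request to an igd REST route. Access logs carry no auth state,
    so each hit is a candidate for review, not a confirmed exploit."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        route = igd_route(target)
        if route is None:
            continue
        # A POST answered with 200 matches the success indicator given above.
        level = "served" if method == "POST" and status == "200" else "attempt"
        hits.append({"ip": ip, "method": method, "route": route,
                     "status": int(status), "level": level})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

Hits marked `served` still need the response body or the plugin version (<= 1.1.99) checked before they are treated as successful exploitation.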
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vulncheck · 9.8 CRITICAL
GHSA
GHSA-fc7x-ffxp-c9q2: Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels
ghsa_unreviewed·2024-12-09
CVE-2023-32117 [CRITICAL] CWE-862 GHSA-fc7x-ffxp-c9q2: Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels
VulnCheck
softlabbd integrate_google_drive Missing Authorization
vulncheck·2023·CVSS 9.8
CVE-2023-32117 [CRITICAL] softlabbd integrate_google_drive Missing Authorization
Affected: softlabbd integrate_google_drive
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-26&host_type=src&vulnerability=cve-2023-32117; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-29&host_type=src&vulnerability=cve-2023-32117; https://dashboard.shadowserver.org/statis
No detection rules found.
Nuclei
Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
nuclei·CVSS 9.8
CVE-2023-32117 [CRITICAL] Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.
Template:
```yaml
id: CVE-2023-32117
info:
  name: Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
  author: DhiyaneshDK
  severity: high
  description: |
    The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.9
```
No writeups or analysis indexed.
2024-12-09
Published
Exploited in the wild