CVE-2023-41953
Published 2024-12-09
CVE-2023-41953: Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress. This issue affects ProfilePress: from n/a through 4.13.1.
Priority: P4 · 27 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.40% (32.1th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.0 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.2 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.4 | — | — |
| profilepress_membership_team | profilepress | n/a – 4.13.1 | — |
| properfraction | profilepress | < 4.13.2 | 4.13.2 |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vendor_msrc · 8.6 HIGH
Microsoft
GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability
vendor_msrc·2023-02-14·CVSS 8.6
CVE-2023-41953 [HIGH] GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Visual Studio: Visual Studio
Github: Github
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: http://aka.ms/vs/15/release/latest
Reference: https://my
GHSA
GHSA-g82v-73f7-4w62: Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress
ghsa_unreviewed·2024-12-09
CVE-2023-41953 [MEDIUM] CWE-862 GHSA-g82v-73f7-4w62: Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress. This issue affects ProfilePress: from n/a through 4.13.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-12-09