CVE-2023-46206
published 2025-01-02CVE-2023-46206: Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP…
PriorityP426medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.38%
29.6th percentile
Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through 4.4.5.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | >= 0 < 1.12.0+ds1-1ubuntu0.1~esm2 | 1.12.0+ds1-1ubuntu0.1~esm2 |
| artifex | mupdf | >= 0 < 1.16.1+ds1-1ubuntu1+esm2 | 1.16.1+ds1-1ubuntu1+esm2 |
| artifex | mupdf | >= 0 < 1.19.0+ds1-2ubuntu0.1~esm1 | 1.19.0+ds1-2ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.23.10+ds1-1ubuntu0.1~esm1 | 1.23.10+ds1-1ubuntu0.1~esm1 |
| websoudan | mw_wp_form | n/a – 4.4.5 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
mupdf vulnerabilities
osv·2025-11-25·CVSS 7.5
CVE-2023-51103 mupdf vulnerabilities
mupdf vulnerabilities
It was discovered that MuPDF could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106)
It was discovered that MuPDF incorrectly handled memory under certain
circumstances, which could lead to a NULL pointer dereference. An
attacker could potentially use this issue to cause a denial of service.
(CVE-2024-46657)
It was discovered that MuPDF could enter an infinite recursion when
parsing certain PDF files. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-46206)
GHSA
GHSA-m2x6-ffx8-32q3: Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels
ghsa_unreviewed·2025-01-02
CVE-2023-46206 [MEDIUM] CWE-862 GHSA-m2x6-ffx8-32q3: Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels
Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through 4.4.5.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-02
Published