CVE-2023-6257

CWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 61.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Inline Related PostsData443 Inline Related Posts
Timeline
PublishedApr 11

Description

The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/inline_related_posts< 3.6.0

🔴Vulnerability Details

2
GHSA
GHSA-f35w-r35c-hc8m: The Inline Related Posts WordPress plugin before 32024-04-11
CVEList
Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read2024-04-11
CVE-2023-6257 (MEDIUM CVSS 4.3) | The Inline Related Posts WordPress | cvebase.io