CVE-2023-7268

Severity: 6.5 MEDIUM
EPSS: 0.2% (top 60.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 19

Description

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have an authorisation check in place when deleting widgets, allowing any authenticated user, such as a subscriber, to delete arbitrary widgets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

Vulnerability Details (2)

CVEList: ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion (2024-07-19)
GHSA: GHSA-cc52-c5qx-vgg7: The ArtPlacer Widget WordPress plugin before 2 (2024-07-19)