CVE-2023-0889
TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator
The Themeflection Numbers plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the tf_numb_save_licenses function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. Version 2.0.0 introduced a partial patch which prevented privilege escalation but still potentially allowed data modification.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-02-17 CVE Reserved
- 2023-03-27 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/c39473a7-47fc-4bce-99ad-28d03f41e74e | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Metagauss Search vendor "Metagauss" | Themeflection Numbers Search vendor "Metagauss" for product "Themeflection Numbers" | < 2.0.1 Search vendor "Metagauss" for product "Themeflection Numbers" and version " < 2.0.1" | wordpress |
Affected
| ||||||