CVE-2023-27460
WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34.
Vulnerabilidad de autorización faltante en CodePeople, paypaldev CP Contact Form with Paypal permite el uso indebido de la funcionalidad. Este problema afecta a CP Contact Form with Paypal: desde n/a hasta 1.3.34.
The CP Contact Form with Paypal plugin for WordPress is vulnerable to missing authorization on the 'cpcfwpp_feedback' function in versions up to, and including, 1.3.34. This allows authenticated attackers, with subscriber-level capabilities or above, to submit feedback to the plugin developers, which is intended to be a functionality reserved for administrators.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-03-01 CVE Reserved
- 2023-03-01 CVE Published
- 2024-06-04 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
- CAPEC-212: Functionality Misuse
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cp Contact Form With Paypal Search vendor "Cp Contact Form With Paypal" | Cp Contact Form With Paypal Search vendor "Cp Contact Form With Paypal" for product "Cp Contact Form With Paypal" | >= 0.0.0 <= 1.3.34 Search vendor "Cp Contact Form With Paypal" for product "Cp Contact Form With Paypal" and version " >= 0.0.0 <= 1.3.34" | en |
Affected
| ||||||