CVE-2023-40011
Cost Calculator Builder <= 3.1.42 - Improper Authorization
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to improper capability checks on multiple functions in versions up to, and including, 3.1.42. This makes it possible for authenticated attackers with Author permissions to manage the plugin's settings.
*Credits:
Rafshanzani Suhada
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-17 CVE Published
- 2024-01-22 CVE Updated
- ---------- CVE Reserved
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-285: Improper Authorization
CAPEC
References (0)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cost Calculator Builder Search vendor "Cost Calculator Builder" | Cost Calculator Builder Search vendor "Cost Calculator Builder" for product "Cost Calculator Builder" | >= 0.0.0 < 3.1.43 Search vendor "Cost Calculator Builder" for product "Cost Calculator Builder" and version " >= 0.0.0 < 3.1.43" | en |
Affected
| ||||||