CVE-2023-47769
WordPress WP Maintenance plugin <= 6.1.3 - IP Filtering Bypass vulnerability
Severity Score
3.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.
La vulnerabilidad de omisión de autenticación mediante suplantación de identidad en WP Maintenance permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a WP Maintenance: desde n/a hasta 6.1.3.
The WP Maintenance plugin for WordPress is vulnerable to IP Address Restriction Bypass in versions up to, and including, 6.1.3. This can be used to bypass settings that may have blocked out an IP address from accessing a page on the site.
*Credits:
Mika (Patchstack Alliance)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-09 CVE Reserved
- 2023-11-14 CVE Published
- 2024-06-06 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-290: Authentication Bypass by Spoofing
- CWE-348: Use of Less Trusted Source
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
References (1)
URL | Tag | Source |
---|---|---|
https://patchstack.com/database/vulnerability/wp-maintenance/wordpress-wp-maintenance-plugin-6-1-3-ip-filtering-bypass-vulnerability?_s_id=cve | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wp Maintenance Search vendor "Wp Maintenance" | Wp Maintenance Search vendor "Wp Maintenance" for product "Wp Maintenance" | >= 0.0.0 <= 6.1.3 Search vendor "Wp Maintenance" for product "Wp Maintenance" and version " >= 0.0.0 <= 6.1.3" | en |
Affected
|