// For flags

CVE-2023-6369

Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.

El complemento Export WP Page to Static HTML/CSS para WordPress es vulnerable al acceso no autorizado a los datos y a su modificación debido a una falta de verificación de capacidad en múltiples acciones AJAX en todas las versiones hasta la 2.1.9 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, revelen información confidencial o realicen acciones no autorizadas, como guardar configuraciones avanzadas de complementos.

*Credits: Alex Thomas
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-11-28 CVE Reserved
  • 2023-11-28 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-12-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Myrecorp
Search vendor "Myrecorp"
 Export Wp Page To Static Html\/css
Search vendor "Myrecorp" for product "Export Wp Page To Static Html\/css"
 <= 2.1.9
Search vendor "Myrecorp" for product "Export Wp Page To Static Html\/css" and version " <= 2.1.9"
wordpress
Affected