CVE-2023-0328: WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion
First published: Mon Mar 06 2023(Updated: )
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpcode | <2.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-0328?
The severity of CVE-2023-0328 is medium with a CVSS score of 4.3.
How does CVE-2023-0328 affect the WPCode WordPress plugin?
CVE-2023-0328 affects the WPCode WordPress plugin version up to 2.0.7 and allows any authenticated user who can edit posts to call certain AJAX actions without proper privilege checks.
What is the CWE ID for CVE-2023-0328?
The CWE ID for CVE-2023-0328 is 863.
Where can I find more information about CVE-2023-0328?
You can find more information about CVE-2023-0328 at the following reference: [https://wpscan.com/vulnerability/3c4318a9-a3c5-409b-a52e-edd8583c3c43]
How can I fix CVE-2023-0328?
To fix CVE-2023-0328, update the WPCode WordPress plugin to version 2.0.7 or higher.
- agent/type
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/wpcode
- canonical/wpcode