What is the severity of CVE-2023-1979?

CVE-2023-1979 has been classified as a medium severity vulnerability affecting the Web Stories for WordPress plugin.

How do I fix CVE-2023-1979?

To fix CVE-2023-1979, update the Web Stories for WordPress plugin to version 1.32.0 or later.

What are the potential impacts of CVE-2023-1979?

CVE-2023-1979 can potentially allow unauthorized users to access password-protected content.

Which versions of the Web Stories for WordPress plugin are affected by CVE-2023-1979?

CVE-2023-1979 affects all versions of the Web Stories for WordPress plugin prior to 1.32.0.

Who is impacted by CVE-2023-1979?

Users with the 'Author' role in WordPress using an affected version of the Web Stories plugin are impacted by CVE-2023-1979.

Vulnerability/
CVE-2023-1979

medium

6.5

CWE

863

8/5/2023

28/1/2025

CVE-2023-1979: Auth bypass in Web Stories for WordPress plugin

First published: Mon May 08 2023(Updated: )

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68

Credit: cve-coordination@google.com

Affected Software	Affected Version	How to fix
MakeStories (for Google Web Stories)	<1.32.0
MakeStories (for Google Web Stories)	<1.32.0

Remedy

https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-1979?
CVE-2023-1979 has been classified as a medium severity vulnerability affecting the Web Stories for WordPress plugin.
How do I fix CVE-2023-1979?
To fix CVE-2023-1979, update the Web Stories for WordPress plugin to version 1.32.0 or later.
What are the potential impacts of CVE-2023-1979?
CVE-2023-1979 can potentially allow unauthorized users to access password-protected content.
Which versions of the Web Stories for WordPress plugin are affected by CVE-2023-1979?
CVE-2023-1979 affects all versions of the Web Stories for WordPress plugin prior to 1.32.0.
Who is impacted by CVE-2023-1979?
Users with the 'Author' role in WordPress using an affected version of the Web Stories plugin are impacted by CVE-2023-1979.

collector/nvd-latest
agent/references
agent/type
agent/softwarecombine
agent/severity
agent/remedy
agent/weakness
agent/title
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/author
vendor/google
canonical/makestories (for google web stories)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.