First published: Fri Oct 20 2023(Updated: )
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.
Credit: security@wordfence.com security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Gvectors Wpdiscuz | <=7.6.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this wpDiscuz plugin vulnerability is CVE-2023-3998.
The severity of CVE-2023-3998 is medium with a CVSS score of 5.3.
CVE-2023-3998 is a vulnerability in the wpDiscuz plugin for WordPress which allows unauthorized modification of data by unauthenticated attackers.
Versions up to and including 7.6.3 of the wpDiscuz plugin for WordPress are affected by CVE-2023-3998.
To fix the wpDiscuz plugin vulnerability, users should update to version 7.6.4 or later.