CVE-2023-3998
First published: Fri Oct 20 2023(Updated: )
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.
Credit: security@wordfence.com security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gvectors Wpdiscuz | <=7.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this wpDiscuz plugin vulnerability?
The vulnerability ID for this wpDiscuz plugin vulnerability is CVE-2023-3998.
What is the severity of CVE-2023-3998?
The severity of CVE-2023-3998 is medium with a CVSS score of 5.3.
What is the description of CVE-2023-3998?
CVE-2023-3998 is a vulnerability in the wpDiscuz plugin for WordPress which allows unauthorized modification of data by unauthenticated attackers.
Which versions of wpDiscuz plugin for WordPress are affected by CVE-2023-3998?
Versions up to and including 7.6.3 of the wpDiscuz plugin for WordPress are affected by CVE-2023-3998.
How can the wpDiscuz plugin vulnerability be fixed?
To fix the wpDiscuz plugin vulnerability, users should update to version 7.6.4 or later.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/gvectors
- canonical/gvectors wpdiscuz
- version/gvectors wpdiscuz/7.6.3