What is the severity of CVE-2023-39995?

CVE-2023-39995 is categorized as a Missing Authorization vulnerability with potentially high impact due to improperly configured access control security levels.

How do I fix CVE-2023-39995?

To fix CVE-2023-39995, update the WP OnlineSupport Portfolio and Projects plugin to the latest version beyond 1.3.7, where the vulnerability is addressed.

Who is affected by CVE-2023-39995?

CVE-2023-39995 affects users of WP OnlineSupport Portfolio and Projects plugin version 1.3.7 and earlier.

What types of attacks can exploit CVE-2023-39995?

Attackers can exploit CVE-2023-39995 to gain unauthorized access to resources and features due to broken access control.

Is CVE-2023-39995 a common vulnerability?

While the prevalence of CVE-2023-39995 specifically may vary, vulnerabilities related to missing authorization are common in web applications.

Vulnerability/
CVE-2023-39995

medium

4.3

CWE

862

13/12/2024

CVE-2023-39995: WordPress Portfolio and Projects plugin <= 1.3.7 - Broken Access Control vulnerability

First published: Fri Dec 13 2024(Updated: )

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7.

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
WordPress Portfolio and Projects	<=1.3.7
EssentialPlugin Portfolio and Projects	<=1.3.7

Remedy

Update the WordPress Portfolio and Projects plugin to the latest available version (at least 1.3.8).

Never miss a vulnerability like this again

Reference Links

https://patchstack.com/database/wordpress/plugin/portfolio-and-projects/vulnerability/wordpress-portfolio-and-projects-plugin-1-3-7-broken-access-control-vulnerability?_s_id=cve

Frequently Asked Questions

What is the severity of CVE-2023-39995?
CVE-2023-39995 is categorized as a Missing Authorization vulnerability with potentially high impact due to improperly configured access control security levels.
How do I fix CVE-2023-39995?
To fix CVE-2023-39995, update the WP OnlineSupport Portfolio and Projects plugin to the latest version beyond 1.3.7, where the vulnerability is addressed.
Who is affected by CVE-2023-39995?
CVE-2023-39995 affects users of WP OnlineSupport Portfolio and Projects plugin version 1.3.7 and earlier.
What types of attacks can exploit CVE-2023-39995?
Attackers can exploit CVE-2023-39995 to gain unauthorized access to resources and features due to broken access control.
Is CVE-2023-39995 a common vulnerability?
While the prevalence of CVE-2023-39995 specifically may vary, vulnerabilities related to missing authorization are common in web applications.

agent/weakness
agent/references
agent/remedy
agent/title
agent/description
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/wp onlinesupport
canonical/wordpress portfolio and projects
vendor/wordpress
canonical/essentialplugin portfolio and projects

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.