CVE-2023-2434

LOW Year: 2023
CVSS v3 Score
3.8
Low
Weakness Type
CWE-862
View all →

Vulnerability Description

The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings.

Related Vulnerabilities

CVE-2023-23814

LOW
CVSS:3.8(Low)

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar :...

CWE-8622023

CVE-2017-17433

LOW
CVSS:3.7(Low)

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_fi...

CWE-8622017

CVE-2019-6121

LOW
CVSS:3.7(Low)

An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Ol...

CWE-8622019

CVE-2019-9171

LOW
CVSS:3.7(Low)

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).

CWE-8622019

CVE-2020-9009

LOW
CVSS:3.7(Low)

The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely u...

CWE-8622020

CVE-2023-23985

LOW
CVSS:3.7(Low)

Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.

CWE-8622023