Lucene search

PatchstackCVELIST:CVE-2023-47770

HistoryJun 19, 2024 - 11:12 a.m.

CVE-2023-47770 WordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerability

2024-06-1911:12:06

CWE-862

Patchstack

www.cve.org

cve-2023-47770

wordpress betheme

broken access control

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Betheme",
    "vendor": "Muffin Group",
    "versions": [
      {
        "changes": [
          {
            "at": "27.1.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "27.1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-27-1-1-contributor-broken-access-control-vulnerability?_s_id=cve