06 Oct 2023
Vulnérabilité CVE-2023-4469 CVE Vulnerability
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. (CVSS:5.3) (Last Update:2023-10-06 10:15:19)
Vulnerability Details :
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.
Vulnerability category:Bypass
Exploit prediction scoring system (EPSS) score for CVE-2023-4469
We don't have an EPSS score for this CVE yet EPSS FAQ
CVSS scores for CVE-2023-4469
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | [email protected] |
CWE ids for CVE-2023-4469
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by: [email protected] (Primary)