Vulnerability Details : CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.
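The bug class described above is an admin-ajax handler that performs no capability check, so the only gate between a Subscriber and an administrative operation is the fact that the user is logged in. The following PHP is an added illustration of that pattern and its fix; it is not WP Directory Kit's code, and the hook names (`example_admin_action_vuln`, `example_admin_action`), the option key `example_settings`, the nonce action `example_admin_nonce` and the `op`/`settings` parameters are hypothetical. It assumes it runs inside WordPress, where `add_action`, `current_user_can`, `check_ajax_referer` and the `wp_send_json_*` helpers are available.

```php
<?php
/**
 * Added example (not the plugin's own code): a WordPress admin-ajax handler
 * without an authorization check, beside a hardened version. Every wp_ajax_*
 * hook is reachable by ANY authenticated user (Subscriber and up), so the
 * handler body itself must decide who is allowed to run it.
 * All hook names, option keys and parameters below are hypothetical.
 */

// VULNERABLE PATTERN: no capability check, no nonce, dispatch on raw input.
// A Subscriber who can reach wp-admin/admin-ajax.php can wipe or overwrite
// the plugin's settings, which is the impact the advisory describes.
add_action( 'wp_ajax_example_admin_action_vuln', 'example_ajax_admin_vulnerable' );
function example_ajax_admin_vulnerable() {
	$op = isset( $_POST['op'] ) ? $_POST['op'] : '';
	if ( 'delete_settings' === $op ) {
		delete_option( 'example_settings' );                     // loss of data
	} elseif ( 'save_settings' === $op ) {
		update_option( 'example_settings', $_POST['settings'] ); // unauthorized change
	}
	wp_send_json_success();
}

// HARDENED PATTERN: authorization first, then CSRF protection, then an
// allow-list of operations, then sanitization of what is persisted.
add_action( 'wp_ajax_example_admin_action', 'example_ajax_admin_hardened' );
function example_ajax_admin_hardened() {
	// 1. Authorization: the capability check that CVE-2023-2351 lacked.
	//    manage_options is held by Administrators (and Super Admins), not Subscribers.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'forbidden', 403 ); // sends JSON and exits
	}

	// 2. CSRF: the request must carry a nonce minted for this action
	//    (e.g. wp_create_nonce( 'example_admin_nonce' ) in the admin page).
	//    check_ajax_referer() dies with HTTP 403 when the nonce is missing or stale.
	check_ajax_referer( 'example_admin_nonce', 'nonce' );

	// 3. Allow-list the operation instead of branching on untrusted input.
	$allowed = array( 'delete_settings', 'save_settings' );
	$op      = isset( $_POST['op'] ) ? sanitize_key( wp_unslash( $_POST['op'] ) ) : '';
	if ( ! in_array( $op, $allowed, true ) ) {
		wp_send_json_error( 'unknown operation', 400 );
	}

	if ( 'delete_settings' === $op ) {
		delete_option( 'example_settings' );
	} else {
		// 4. Sanitize before storing; reject anything that is not a flat
		//    array of strings rather than trusting the request body.
		$raw   = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
			? wp_unslash( $_POST['settings'] )
			: array();
		$clean = array_map( 'sanitize_text_field', $raw );
		update_option( 'example_settings', $clean );
	}
	wp_send_json_success( array( 'op' => $op ) );
}
```

The capability check comes before the nonce check on purpose: a nonce proves the request originated from a page the user loaded, not that the user is allowed to do anything, so a nonce alone would not have closed this bug. When auditing a plugin for the same issue, look at every `add_action( 'wp_ajax_...' )` registration and confirm the callback calls `current_user_can()` with a capability appropriate to the operation before it touches options, posts, terms or plugin installation.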
Products affected by CVE-2023-2351
- cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2351
EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~45% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2023-2351
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 | Wordfence |

The two scores differ on Privileges Required: NIST's vector (PR:L) matches the subscriber-level account the description says is needed, while Wordfence scored it PR:N and also counted an availability impact (A:L) for the deletion of settings, posts and terms. Use the vector that matches your own threat model (open registration makes a subscriber account trivial to obtain) rather than the base score alone.
CWE ids for CVE-2023-2351
- Missing authorization: the product does not perform an authorization check when an actor attempts to access a resource or perform an action. (Assigned by: security@wordfence.com, Primary)
References for CVE-2023-2351
- https://www.wordfence.com/threat-intel/vulnerabilities/id/50c5154c-1573-4c2b-85a1-a89bdb22dc7d?source=cve
  WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action (Patch; Third Party Advisory)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2905795%40wpdirectorykit&new=2905795%40wpdirectorykit&sfp_email=&sfph_mail=
  Changeset 2905795 for wpdirectorykit, WordPress Plugin Repository (Patch; Release Notes)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2907164%40wpdirectorykit&new=2907164%40wpdirectorykit&sfp_email=&sfph_mail=
  Changeset 2907164 for wpdirectorykit, WordPress Plugin Repository (Patch; Release Notes)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2917413%40wpdirectorykit&new=2917413%40wpdirectorykit&sfp_email=&sfph_mail=
  Changeset 2917413 for wpdirectorykit, WordPress Plugin Repository (Patch; Release Notes)
- https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/public/class-wpdirectorykit-public.php#L249
  class-wpdirectorykit-public.php in wpdirectorykit/tags/1.1.8/public, WordPress Plugin Repository (Exploit: the unpatched 1.1.8 handler)
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2905046%40wpdirectorykit&new=2905046%40wpdirectorykit&sfp_email=&sfph_mail=
  Changeset 2905046 for wpdirectorykit, WordPress Plugin Repository (Patch; Release Notes)