CVE-2023-6810 : The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unau

The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin's configured API keys.

Published 2024-05-07 10:15:07

Updated 2024-05-07 13:39:33

Source Wordfence

View at NVD, CVE.org

Vulnerability category: Bypass

Products affected by CVE-2023-6810

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-6810

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6810

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	Wordfence	2024-05-07
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2023-6810

https://plugins.trac.wordpress.org/changeset/3081436/clickcease-click-fraud-protection/trunk/classes/routes.php

Changeset 3081436 for clickcease-click-fraud-protection/trunk/classes/routes.php – WordPress Plugin Repository
https://www.wordfence.com/threat-intel/vulnerabilities/id/5d572cac-b8e3-4c52-9b35-80fe5ee9e900?source=cve

ClickCease Click Fraud Protection <= 3.2.4 - Improper Authorization to sensitive information exposure via get_settings

Jump to

Vulnerability Details : CVE-2023-6810

Products affected by CVE-2023-6810

Exploit prediction scoring system (EPSS) score for CVE-2023-6810

CVSS scores for CVE-2023-6810

References for CVE-2023-6810