WordPress Plugin Vulnerabilities

Taggbox <= 3.3 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.

Affects Plugins

Plugin icon
taggbox-widget
No known fix

References

CVE
CVE-2023-33215
URL
https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Jonas Höbenreich
Verified
No
WPVDB ID
379710b6-1bd9-4c27-a204-04f10741770d

Timeline

Publicly Published
2023-10-19 (about 7 months ago)
Added
2023-11-23 (about 5 months ago)
Last Updated
2024-03-20 (about 2 months ago)

Other

Published
Title
Published
2024-05-03
Title
Login with phone number < 1.7.20 - Missing Authorization
Published
2023-10-25
Title
Ni WooCommerce Sales Report < 3.7.4 - Subscriber+ Sale & Order Reports Access
Published
2022-07-18
Title
MultiSafepay < 4.16.0 - Unauthenticated Arbitrary File Access
Published
2023-09-29
Title
WP Custom Admin Interface < 7.33 - Missing Authorization to Transients Deletion
Published
2022-11-21
Title
Betheme < 26.6.3 - Missing Authorization