CVE-2023-2172

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 31, 2023

Updated: Nov 7, 2023

CWE ID 257

Summary

CVE-2023-2172 is a vulnerability affecting the BadgeOS plugin for WordPress. The issue lies in the lack of proper validation and authorization checks within certain functions, specifically badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler. This flaw allows authenticated attackers, who hold subscriber-level permissions and above, to manipulate arbitrary post titles. This vulnerability poses a significant risk to WordPress sites using the BadgeOS plugin in versions up to, and including, 3.7.1.6. Immediate updates to the latest version are recommended to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2016

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database