CVE-2023-3869

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 20, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-3869 is a security vulnerability affecting the wpDiscuz plugin for WordPress. This issue stems from a missing authorization check in the voteOnComment function, which is found in plugin versions up to and including 7.6.3. Consequently, unauthenticated attackers can exploit this flaw to manipulate comment ratings by increasing or decreasing them at their discretion. This vulnerability poses a significant risk, as it can impact the integrity and trustworthiness of user feedback on WordPress websites using the affected plugin version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Umbraco CMS

Affected Vendors

Umbraco HQ

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sGjiBu
https://www.cve.org/CVERecord?id=CVE-2023-3869
https://nvd.nist.gov/vuln/detail/CVE-2023-3869

Back to Vulnerability Database