CVE-2023-3999

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 31, 2023

Updated: Nov 7, 2023

CWE ID 200

Summary

CVE-2023-3999 is a vulnerability affecting the Waiting: One-click countdowns plugin for WordPress. This issue allows authenticated attackers, with subscriber-level permissions and above, to bypass authorization checks on AJAX calls in versions up to 0.6.2. Consequently, attackers can create, delete countdowns, and manipulate other plugin settings, posing a significant security risk. This vulnerability underscores the importance of keeping WordPress plugins updated to protect against potential security threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sQ4ENt
https://www.cve.org/CVERecord?id=CVE-2023-3999
https://nvd.nist.gov/vuln/detail/CVE-2023-3999

Back to Vulnerability Database

CVE-2023-3999

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations