CVE-2023-4374

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Aug 16, 2023

Updated: Nov 7, 2023

CWE ID 367

Summary

CVE-2023-4374 is a vulnerability affecting the WP Remote Users Sync plugin for WordPress. This issue allows authenticated attackers with subscriber privileges or higher to bypass capability checks on the 'refresh_logs_async' functions, available in versions up to 1.2.11. Consequently, attackers can gain unauthorized access to data and add new data, posing a significant security risk. This vulnerability highlights the importance of keeping WordPress plugins up-to-date to protect against potential security threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Buildkite Pty Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swdnMq
https://www.cve.org/CVERecord?id=CVE-2023-4374
https://nvd.nist.gov/vuln/detail/CVE-2023-4374

Back to Vulnerability Database

CVE-2023-4374

CVSS 3.1 Score 7.0 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations