CVE-2023-6637

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 11, 2024

Updated: Jan 18, 2024

CWE ID 862

Summary

CVE-2023-6637: A vulnerability has been identified in the CAOS | Host Google Analytics Locally plugin for WordPress. Unauthenticated attackers can exploit this issue by bypassing the capability check on the 'update_settings' function, allowing them to modify plugin settings in versions up to 4.7.14. This vulnerability poses a significant risk, as attackers can make unauthorized changes to the plugin configuration without proper authorization. Users of this plugin are strongly advised to update to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DA An

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tvWzG-
https://www.cve.org/CVERecord?id=CVE-2023-6637
https://nvd.nist.gov/vuln/detail/CVE-2023-6637

Back to Vulnerability Database

CVE-2023-6637

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations