CVE-2023-6066

medium

Description

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

References

https://wpscan.com/vulnerability/f8f84d47-49aa-4258-a8a6-3de8e7342623

Details

Source: Mitre, NVD

Published: 2024-01-15

Updated: 2024-01-19

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N