CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-4213

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.3%

CVSS Severity

CVSS v3 Score 8.8

References

https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve
https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve

Products affected by CVE-2023-4213

Mikevanwinkle » Simplr Registration Form Plus+ » Version: Any

cpe:2.3:a:mikevanwinkle:simplr_registration_form_plus+:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4213

Products

Pricing

Contact Us