Vulnerabilities > CVE-2023-6066 - Missing Authorization vulnerability in Kishorkhambu WP Custom Widget Area 1.2.5

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
kishorkhambu
CWE-862
NVD
Published: 2024-01-15
Updated: 2024-11-21

Summary

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

Vulnerable Configurations

Part Description Count
Application
Kishorkhambu
1

Common Weakness Enumeration (CWE)

References