CVE-2023-6066 - Missing Authorization vulnerability in Kishorkhambu WP Custom Widget Area

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, kishorkhambu, CWE-862

Summary

The WP Custom Widget Area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privileges to create, delete or modify menus on the site.

Vulnerable Configurations

Part         Description   Count
Application  Kishorkhambu  1

Common Weakness Enumeration (CWE)