Vulnerabilities > CVE-2023-6638 - Missing Authorization vulnerability in Gutengeek GG WOO Feed 1.2.4

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

gutengeek

CWE-862

NVD

Published: 2024-01-11

Updated: 2024-01-18

Summary

The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.

Vulnerable Configurations

Part	Description	Count
Application	Gutengeek Gutengeek GG WOO Feed - Gutengeek GG WOO Feed 1.2.4	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6b9b0a-e82e-459a-bddf-1c9354bcec00?source=cve
https://plugins.trac.wordpress.org/browser/gg-woo-feed/trunk/inc/Admin/Admin.php?rev=2933599#L199