CVE-2023-45760
Published: 02 January 2025
Summary
CVE-2023-45760 is a medium-severity Missing Authorization (CWE-862) vulnerability in Gvectors wpDiscuz. Its CVSS base score is 4.3 (Medium).
Operationally, it ranks in the top 41.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for access to information and system resources, directly mitigating the missing authorization vulnerability in wpDiscuz.
Requires timely identification, reporting, and correction of flaws like CVE-2023-45760 in wpDiscuz through version 7.6.3.
Applies least privilege to restrict low-privileged users from exploiting the access control vulnerability for unauthorized disclosure.
NVD Description
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through <= 7.6.3.
Deeper analysis
CVE-2023-45760 is a missing authorization vulnerability, classified under CWE-862, in the wpDiscuz WordPress plugin developed by AdvancedCoding. The flaw allows exploitation of incorrectly configured access control security levels and affects wpDiscuz versions up to and including 7.6.3.
The vulnerability carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Low-privileged users with network access can exploit it with low attack complexity and no user interaction, achieving low-impact unauthorized disclosure of confidential information without affecting integrity or availability.
The Patchstack advisory provides further details on this broken access control vulnerability in wpDiscuz version 7.6.3 at https://patchstack.com/database/Wordpress/Plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-3-broken-access-control-vulnerability?_s_id=cve.
Details
- CWE(s)