CVE-2023-46309
Published: 02 January 2025
Summary
CVE-2023-46309 is a medium-severity Missing Authorization (CWE-862) vulnerability in Gvectors Wpdiscuz. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-46309 is a missing authorization vulnerability (CWE-862) in the wpDiscuz WordPress plugin developed by AdvancedCoding. The flaw allows exploitation of incorrectly configured access control security levels and affects all versions of wpDiscuz from n/a through 7.6.10. Published on January 2, 2025, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation enables limited integrity impacts, such as unauthorized modifications, by bypassing intended access controls in the plugin.
Patchstack provides details on this broken access control issue in wpDiscuz version 7.6.10 via its vulnerability database at https://patchstack.com/database/Wordpress/Plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-10-broken-access-control-vulnerability?_s_id=cve.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-50530
Vulnerability details
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.10.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authorization (CWE-862) in public-facing WordPress plugin directly enables remote unauthenticated exploitation of a web application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation directly patches the missing authorization vulnerability in wpDiscuz, preventing unauthenticated exploitation of broken access controls.
Access enforcement requires the plugin to implement and enforce approved authorizations, comprehensively addressing the missing authorization checks allowing unauthorized modifications.
Secure configuration settings for the wpDiscuz plugin mitigate exploitation of incorrectly configured access control security levels.