CVE-2023-46309
Published: 02 January 2025
Summary
CVE-2023-46309 is a medium-severity Missing Authorization (CWE-862) vulnerability in Gvectors Wpdiscuz. Its CVSS base score is 5.3 (Medium).
Operationally, it ranks at the 27.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation directly patches the missing authorization vulnerability in wpDiscuz, preventing unauthenticated exploitation of broken access controls.
Access enforcement requires the plugin to implement and enforce approved authorizations, comprehensively addressing the missing authorization checks allowing unauthorized modifications.
Secure configuration settings for the wpDiscuz plugin mitigate exploitation of incorrectly configured access control security levels.
NVD Description
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through <= 7.6.10.
Deeper analysis
CVE-2023-46309 is a missing authorization vulnerability (CWE-862) in the wpDiscuz WordPress plugin developed by AdvancedCoding. The flaw allows exploitation of incorrectly configured access control security levels and affects all versions of wpDiscuz up to and including 7.6.10. Published on January 2, 2025, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Unauthenticated attackers can exploit this vulnerability remotely over the network, with low attack complexity and no user interaction. Exploitation has a limited integrity impact, such as unauthorized modifications, because it bypasses the plugin's intended access controls.
Patchstack provides details on this broken access control issue in wpDiscuz version 7.6.10 via its vulnerability database at https://patchstack.com/database/Wordpress/Plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-10-broken-access-control-vulnerability?_s_id=cve.
Details
- CWE(s)