CVE-2023-47179

High

Published: 02 January 2025

Published

02 January 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.1915 95.4th percentile

Risk Priority 29 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-47179 is a high-severity Missing Authorization (CWE-862) vulnerability in Byconsole Wooodt Lite. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 4.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Directly enforces approved authorizations for access to system resources, preventing low-privileged users from exploiting missing authorization to perform arbitrary site option updates.

CM-5 Access Restrictions for Change good match

prevent

Restricts access to configuration changes, such as site options, to authorized personnel only, mitigating unauthorized updates by low-privileged users.

AC-6 Least Privilege partial match

prevent

Enforces least privilege to ensure low-privileged users cannot perform high-impact actions like arbitrary site option modifications even if exploited.

NVD Description

Missing Authorization vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through <= 2.4.6.

Deeper analysisAI

CVE-2023-47179 is a Missing Authorization vulnerability (CWE-862) in the WooODT Lite WordPress plugin developed by mdalabar under the byconsole-woo-order-delivery-time project. The flaw allows exploiting incorrectly configured access control security levels and affects all versions of WooODT Lite from n/a through 2.4.6. Published on 2025-01-02, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Low-privileged authenticated users (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), specifically through arbitrary site option updates as detailed in vulnerability disclosures.

Patchstack advisories identify this as an arbitrary site option update vulnerability in WooODT Lite up to version 2.4.6. Mitigation involves updating the plugin to a patched version beyond 2.4.6, with practitioners advised to review access controls and monitor for unauthorized option changes in affected environments.