
CVE-2023-47183

Medium

Published: 02 January 2025
Modified: 29 April 2026
CVSS v3.1 base score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS score: 0.0034 (57.3rd percentile)
Risk priority: 11 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-47183 is a medium-severity Missing Authorization (CWE-862) vulnerability in Givewp Givewp. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 42.7% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-47183 is a missing authorization vulnerability (CWE-862) in the GiveWP WordPress plugin from StellarWP. The plugin fails to enforce an authorization check in the "give" component, allowing an attacker to exploit incorrectly configured access control levels; all versions of GiveWP up to and including 2.33.1 are affected. It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), indicating medium severity: no confidentiality or availability impact, but a low integrity impact.

Unauthenticated attackers (PR:N) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation enables limited integrity modifications (I:L) within the unchanged security scope (S:U), such as unauthorized alterations to plugin-controlled resources.

The Patchstack advisory provides further details on this broken access control vulnerability in GiveWP 2.33.1, available at https://patchstack.com/database/Wordpress/Plugin/give/vulnerability/wordpress-givewp-plugin-2-33-1-broken-access-control-vulnerability?_s_id=cve.


Vulnerability details

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through <= 2.33.1.

CWE(s): CWE-862 (Missing Authorization)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Missing authorization (broken access control) in a public-facing WordPress plugin directly enables remote exploitation of an Internet-facing application to make unauthorized integrity modifications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-2025 (same product: Givewp Givewp)
CVE-2024-12877 (same product: Givewp Givewp)
CVE-2025-0912 (same product: Givewp Givewp)
CVE-2025-22777 (same product: Givewp Givewp)
CVE-2026-45209 (shared CWE-862)
CVE-2026-25026 (shared CWE-862)
CVE-2026-42083 (shared CWE-862)
CVE-2026-0656 (shared CWE-862)
CVE-2026-24532 (shared CWE-862)
CVE-2025-13603 (shared CWE-862)

Affected Assets

Vendor: givewp
Product: givewp
Affected versions: ≤ 2.33.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Directly enforces approved authorizations for access to resources, mitigating the missing authorization vulnerability (CWE-862) in GiveWP that allows unauthenticated integrity modifications.

Least Privilege (prevent)

Employs least privilege to restrict access levels, reducing the scope of unauthorized modifications exploitable via GiveWP's incorrectly configured access controls.

SI-2 Flaw Remediation (prevent, recover)

Requires timely remediation of flaws like the broken access control in GiveWP versions <= 2.33.1, preventing exploitation through patching.
