Cyber Posture

CVE-2023-47183

Medium

Published: 02 January 2025

Modified: 29 April 2026
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0034 (56.9th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-47183 is a medium-severity Missing Authorization (CWE-862) vulnerability in the GiveWP plugin. Its CVSS base score is 5.3 (Medium).

Operationally, it is ranked in the top 43.1% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly enforces approved authorizations for access to resources, mitigating the missing authorization vulnerability (CWE-862) in GiveWP that allows unauthenticated integrity modifications.

prevent

Employs least privilege to restrict access levels, reducing the scope of unauthorized modifications exploitable via GiveWP's incorrectly configured access controls.

prevent, recover

Requires timely remediation of flaws like the broken access control in GiveWP versions <=2.33.1, preventing exploitation through patching.

NVD Description

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through <= 2.33.1.

Deeper analysis [AI]

CVE-2023-47183 is a missing authorization vulnerability (CWE-862) in the GiveWP WordPress plugin from StellarWP. The issue allows exploiting incorrectly configured access control security levels in the "give" component and affects all versions of GiveWP up to and including 2.33.1. It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), indicating medium severity with no confidentiality or availability impact but low integrity impact.

Unauthenticated attackers (PR:N) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation enables limited integrity modifications (I:L) within the unchanged security scope (S:U), such as unauthorized alterations to plugin-controlled resources.

The Patchstack advisory provides further details on this broken access control vulnerability in GiveWP 2.33.1, available at https://patchstack.com/database/Wordpress/Plugin/give/vulnerability/wordpress-givewp-plugin-2-33-1-broken-access-control-vulnerability?_s_id=cve.

Details

CWE(s)

Affected Products

givewp givewp ≤ 2.33.2

CVEs Like This One

CVE-2025-2025: same product (GiveWP)
CVE-2024-12877: same product (GiveWP)
CVE-2025-22777: same product (GiveWP)
CVE-2025-0912: same product (GiveWP)
CVE-2024-12365: shared CWE-862
CVE-2025-67974: shared CWE-862
CVE-2025-65669: shared CWE-862
CVE-2026-28254: shared CWE-862
CVE-2025-48574: shared CWE-862
CVE-2026-3266: shared CWE-862
