CVE-2023-4213 - OpenCVE

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mikevanwinkle	Simplr Registration Form Plus\+

Configuration 1 [-]

cpe:2.3:a:mikevanwinkle:simplr_registration_form_plus\+:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-09-13T02:54:11.287Z

Updated: 2023-09-13T02:54:11.287Z

Reserved: 2023-08-07T18:53:50.546Z

Link: CVE-2023-4213

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-13T03:15:08.877

Modified: 2023-11-07T04:22:20.617

Link: CVE-2023-4213

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mikevanwinkle:simplr_registration_form_plus\\+:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "90BF449E-C762-4F85-9C5D-0A52A331E394", "versionEndIncluding": "2.4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts."}, {"lang": "es", "value": "El complemento Simplr Registration Form Plus+ para WordPress es vulnerable a referencias directas a objetos inseguros en versiones hasta la 2.4.5 inclusive. Esto se debe a que el complemento proporciona acceso controlado por el usuario a los objetos, lo que le permite omitir la autorizaci\u00f3n y acceder a los recursos del sistema. Esto hace posible que atacantes autenticados con permisos de nivel de suscriptor o superiores cambien las contrase\u00f1as de los usuarios y potencialmente se apoderen de cuentas de administrador."}], "id": "CVE-2023-4213", "lastModified": "2023-11-07T04:22:20.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2023-09-13T03:15:08.877", "references": [{"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}