WordPress Plugin Vulnerabilities

wpDiscuz < 7.6.4 - Post Rating Increase/Decrease iva IDOR

Description

The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function.

Affects Plugins

Plugin icon
wpdiscuz
Fixed in 7.6.4

References

CVE
CVE-2023-3998

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Vladislav Pokrovsky
Verified
No
WPVDB ID
051ab8b8-210e-48ac-82e7-7c4a0aa2ecd5

Timeline

Publicly Published
2023-09-12 (about 2 years ago)
Added
2023-10-20 (about 2 years ago)
Last Updated
2023-10-20 (about 2 years ago)

Other

Published
Title
Published
2024-12-02
Title
Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure
Published
2025-08-15
Title
School Management <= 93.1.0 - Unauthenticated Insecure Direct Object Reference
Published
2021-06-03
Title
Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak
Published
2024-08-01
Title
LearnPress < 4.2.6.9 - Authenticated (Subscriber+) Insecure Direct Object Reference
Published
2024-04-04
Title
LearnPress < 4.2.6.4 - Insecure Direct Object Reference