WordPress Plugin Vulnerabilities

Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access

Description

The plugin does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected

Proof of Concept

Affects Plugins

Plugin icon
ultimate-responsive-image-slider
Fixed in 3.5.12

References

CVE
CVE-2023-6077

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
1afc0e4a-f712-47d4-bf29-7719ccbbbb1b

Timeline

Publicly Published
2023-11-23 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-11-23 (about 2 years ago)

Other

Published
Title
Published
2024-04-05
Title
WP Poll Maker < 3.4 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2024-12-20
Title
WP BASE Booking of Appointments, Services and Events < 5.0.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db
Published
2025-03-24
Title
Music Press Pro <= 1.4.6 - Missing Authorization
Published
2025-06-12
Title
CubeWP Forms < 1.1.6 - Missing Authorization
Published
2024-03-26
Title
Max Mega Menu < 3.3.1 - Missing Authorization