WordPress Plugin Vulnerabilities

Accordions < 2.1.0 - Authenticated Arbitrary Options Update

Description

The plugin does not have proper authorisation, which could allow high privilege users to update arbitrary options even they they should not be allowed to

Affects Plugins

Plugin icon
accordions-or-faqs
Fixed in 2.1.0

References

CVE
CVE-2022-38104

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Vlad Vector
Verified
No
WPVDB ID
1de4ac23-53c6-4171-a695-3502a4136c57

Timeline

Publicly Published
2022-09-29 (about 3 years ago)
Added
2022-10-22 (about 3 years ago)
Last Updated
2022-10-22 (about 3 years ago)

Other

Published
Title
Published
2024-12-16
Title
Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass
Published
2026-01-12
Title
CP Image Store with Slideshow < 1.2.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import
Published
2024-02-03
Title
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Published
2023-03-10
Title
GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion
Published
2025-03-03
Title
Ultimate WordPress Auction Plugin < 4.3.0 - Contributor+ Arbitrary Post Deletion