WordPress Plugin Vulnerabilities

Generate Dummy Posts <= 1.0.0 - Missing Authorization

Description

The Generate Dummy Posts plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to make use of this functionality. Exact impacts are unknown.

Affects Plugins

Plugin icon
generate-dummy-posts
No known fix

References

CVE
CVE-2023-46637
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d797f36-f485-4049-83f0-01d0cb409a92

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
359378c1-0650-4bc8-845f-7def2046c3b5

Timeline

Publicly Published
2023-10-25 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2026-03-10
Title
Avada Core < 5.15.0 - Missing Authorization
Published
2023-11-07
Title
Dragfy Addons for Elementor <= 1.0.2 - Missing Authorization via save_settings
Published
2025-05-16
Title
EventON - WordPress Virtual Event Calendar Plugin < 4.9.7 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2025-05-07
Title
Envo Extra < 1.9.10 - Missing Authorization
Published
2024-02-07
Title
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Plugin Data Removal in reinitialize