WordPress Plugin Vulnerabilities

wpDiscuz < 7.6.11 - Insufficient Authorization to Comment Submission on Deleted Posts

Description

The plugin is vulnerable to unauthorized modification of data due to insufficient validation on the comment functionality, making it possible for unauthenticated attackers to leave comments on trashed posts.

Affects Plugins

Plugin icon
wpdiscuz
Fixed in 7.6.11

References

CVE
CVE-2023-46309

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
874679f2-bf44-4c11-bc3b-69ae5ac59ced

Timeline

Publicly Published
2023-10-20 (about 2 years ago)
Added
2023-11-07 (about 2 years ago)
Last Updated
2023-11-07 (about 2 years ago)

Other

Published
Title
Published
2023-03-21
Title
JS Job Manager < 2.0.1 - Missing Authorization
Published
2024-01-24
Title
InstaWP Connect < 0.1.0.10 - Missing Authorization to Sensitive Information Dislcosure
Published
2025-02-02
Title
BookPress – For Book Authors <= 1.2.7 - Missing Authorization
Published
2025-12-05
Title
SMS Alert Order Notifications < 3.8.9 - Missing Authorization
Published
2024-07-11
Title
Academy LMS < 2.0.5 - Missing Authorization