WordPress Plugin Vulnerabilities

Integrate Google Drive < 1.3.4 - Subscriber+ Settings Update

Description

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them

Affects Plugins

Plugin icon
integrate-google-drive
Fixed in 1.3.4

References

CVE
CVE-2023-52177
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a4c8d390-145a-4926-99e9-b386dfe5e6ac

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
924336e6-ac04-4996-8fca-d38e9a85f5c6

Timeline

Publicly Published
2023-12-29 (about 2 years ago)
Added
2024-01-03 (about 2 years ago)
Last Updated
2024-01-03 (about 2 years ago)

Other

Published
Title
Published
2026-05-13
Title
InfusedWoo Pro < 5.1.3 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters
Published
2026-03-03
Title
Seraphinite Accelerator < 2.28.15 - Missing Authorization to Authenticated (Subscriber+) Log Clearing
Published
2024-03-21
Title
360 Javascript Viewer < 1.7.13 - Missing Authorization to Plugin Settings Update
Published
2025-07-08
Title
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible < 6.7.17 - Missing Authorization to Unauthenticated Plugin Settings Modification
Published
2024-08-07
Title
Advanced Cron Manager – debug & control < 2.5.10 - Missing Authorization