ImageMapper <= 1.2.6 – Subscriber+ Arbitrary Post Deletion | CVE 2023-5506

Affects Plugins

imagemapper

No known fix

References

CVE

CVE-2023-5506

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

9d10213a-2efd-4562-90e3-4efb2de0e903

Timeline

Publicly Published

2023-11-06 (about 2 years ago)

Added

2023-11-16 (about 2 years ago)

Last Updated

2023-11-16 (about 2 years ago)

Other

Published

Title

Published

2026-04-13

Title

Easy Appointments < 3.12.22 - Missing Authorization

Published

2026-04-16

Title

wpForo Forum < 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter

Published

2025-04-02

Title

WR Price List Manager For Woocommerce <= 1.0.8 - Missing Authorization to Arbitrary Content Deletion

Published

2025-01-07

Title

WordPress Webinar Plugin – WebinarPress < 1.33.25 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates

Published

2023-10-25

Title

Ni WooCommerce Sales Report < 3.7.4 - Subscriber+ Sale & Order Reports Access