WordPress Plugin Vulnerabilities

WPCafe < 2.2.23 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make use of the unprotected functionality.

Affects Plugins

Plugin icon
wp-cafe
Fixed in 2.2.23

References

CVE
CVE-2023-47805
URL
https://patchstack.com/database/vulnerability/wp-cafe/wordpress-wpcafe-plugin-2-2-19-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
9ffc125b-d978-4d84-bbca-0b1399b3fd3f

Timeline

Publicly Published
2023-11-15 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-11 (about 2 years ago)

Other

Published
Title
Published
2025-10-21
Title
VikBooking Hotel Booking Engine & PMS < 1.8.3 - Missing Authorization
Published
2025-01-15
Title
Multi Step Form < 1.7.24 - Missing Authorization to Unauthenticated Limited File Upload
Published
2025-04-17
Title
Advanced Google Maps < 5.8.5 - Missing Authorization
Published
2023-10-17
Title
Themify Ultra < 7.3.6 - Missing Authorization
Published
2025-11-24
Title
PropertyHive < 2.1.13 - Missing Authorization